@fjall/components-infrastructure 0.25.0 → 0.25.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/package.json +3 -3
- package/dist/lib/config/aws/bootstrap.d.ts +0 -12
- package/dist/lib/config/aws/bootstrap.js +0 -72
- package/dist/lib/config/aws/bootstrap.original.d.ts +0 -13
- package/dist/lib/config/aws/bootstrap.original.js +0 -94
- package/dist/lib/config/aws/bootstrapAccounts.d.ts +0 -12
- package/dist/lib/config/aws/bootstrapAccounts.js +0 -89
- package/dist/lib/config/aws/bootstrapMultiRegion.example.d.ts +0 -15
- package/dist/lib/config/aws/bootstrapMultiRegion.example.js +0 -105
- package/dist/lib/config/aws/bootstrapSelfManaged.example.d.ts +0 -13
- package/dist/lib/config/aws/bootstrapSelfManaged.example.js +0 -56
- package/dist/lib/config/aws/managedAccountStackSet.d.ts +0 -16
- package/dist/lib/config/aws/managedAccountStackSet.js +0 -75
- package/dist/lib/config/aws/managedPlatformStackSet.d.ts +0 -24
- package/dist/lib/config/aws/managedPlatformStackSet.js +0 -101
- package/dist/lib/patterns/aws/fivetranAppBuilder.d.ts +0 -4
- package/dist/lib/patterns/aws/fivetranAppBuilder.js +0 -32
- package/dist/lib/patterns/aws/managedAccountStackSet.d.ts +0 -11
- package/dist/lib/patterns/aws/managedAccountStackSet.js +0 -36
- package/dist/lib/patterns/aws/managedPlatformStackSet.d.ts +0 -17
- package/dist/lib/patterns/aws/managedPlatformStackSet.js +0 -45
- package/dist/lib/resources/aws/iam/identityCenter/assignmentNew.d.ts +0 -11
- package/dist/lib/resources/aws/iam/identityCenter/assignmentNew.js +0 -102
- package/dist/lib/resources/aws/iam/identityCenter/lambda/assignmentHandler.d.ts +0 -24
- package/dist/lib/resources/aws/iam/identityCenter/lambda/assignmentHandler.js +0 -246
- package/dist/lib/resources/aws/organizations/index.d.ts +0 -54
- package/dist/lib/resources/aws/organizations/index.js +0 -196
- package/dist/lib/utils/getCidr.d.ts +0 -8
- package/dist/lib/utils/getCidr.js +0 -40
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@fjall/components-infrastructure",
|
|
3
|
-
"version": "0.25.
|
|
3
|
+
"version": "0.25.1",
|
|
4
4
|
"bin": {
|
|
5
5
|
"infrastructure": "bin/infrastructure.js"
|
|
6
6
|
},
|
|
@@ -35,7 +35,7 @@
|
|
|
35
35
|
"dependencies": {
|
|
36
36
|
"@aws-sdk/client-cost-explorer": "^3.717.0",
|
|
37
37
|
"@aws-sdk/client-organizations": "^3.716.0",
|
|
38
|
-
"@fjall/util": "^0.25.
|
|
38
|
+
"@fjall/util": "^0.25.1",
|
|
39
39
|
"@pepperize/cdk-organizations": "^0.7.135",
|
|
40
40
|
"aws-lambda": "^1.0.7",
|
|
41
41
|
"cdk-time-sleep": "^1.0.0",
|
|
@@ -46,7 +46,7 @@
|
|
|
46
46
|
"overrides": {
|
|
47
47
|
"@smithy/core": "2.5.5"
|
|
48
48
|
},
|
|
49
|
-
"gitHead": "
|
|
49
|
+
"gitHead": "36bbc35f9b8ab2d53ea210d9f3f6f522beb36fbc",
|
|
50
50
|
"peerDependencies": {
|
|
51
51
|
"aws-cdk": "^2.204.0",
|
|
52
52
|
"aws-cdk-lib": "^2.204.0",
|
|
@@ -1,12 +0,0 @@
|
|
|
1
|
-
import { Construct } from "constructs";
|
|
2
|
-
import { S3Bucket } from "../../resources";
|
|
3
|
-
interface BootstrapAccountsProps {
|
|
4
|
-
regions: string[];
|
|
5
|
-
templateBucket: S3Bucket;
|
|
6
|
-
organisationId: string;
|
|
7
|
-
organizationalUnitIds: string[];
|
|
8
|
-
}
|
|
9
|
-
export declare class BootstrapAccounts extends Construct {
|
|
10
|
-
constructor(scope: Construct, id: string, props: BootstrapAccountsProps);
|
|
11
|
-
}
|
|
12
|
-
export {};
|
|
@@ -1,72 +0,0 @@
|
|
|
1
|
-
"use strict";
|
|
2
|
-
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
-
exports.BootstrapAccounts = void 0;
|
|
4
|
-
const aws_cdk_lib_1 = require("aws-cdk-lib");
|
|
5
|
-
const constructs_1 = require("constructs");
|
|
6
|
-
const path = require("path");
|
|
7
|
-
const aws_s3_deployment_1 = require("aws-cdk-lib/aws-s3-deployment");
|
|
8
|
-
const child_process_1 = require("child_process");
|
|
9
|
-
const fs = require("fs");
|
|
10
|
-
const os = require("os");
|
|
11
|
-
class BootstrapAccounts extends constructs_1.Construct {
|
|
12
|
-
constructor(scope, id, props) {
|
|
13
|
-
super(scope, id);
|
|
14
|
-
const stack = aws_cdk_lib_1.Stack.of(this);
|
|
15
|
-
let tmpDir;
|
|
16
|
-
try {
|
|
17
|
-
// Generate the CDK bootstrap template
|
|
18
|
-
const templateContent = (0, child_process_1.execSync)(`cdk bootstrap --show-template`, {
|
|
19
|
-
encoding: "utf8"
|
|
20
|
-
});
|
|
21
|
-
// Create a temporary file to hold the template
|
|
22
|
-
tmpDir = fs.mkdtempSync(path.join(os.tmpdir(), "cdk-bootstrap-"));
|
|
23
|
-
const templatePath = path.join(tmpDir, "cdk-bootstrap.template.yml");
|
|
24
|
-
fs.writeFileSync(templatePath, templateContent);
|
|
25
|
-
// Deploy the template to the S3 bucket
|
|
26
|
-
new aws_s3_deployment_1.BucketDeployment(this, "DeployBootstrapTemplate", {
|
|
27
|
-
sources: [aws_s3_deployment_1.Source.asset(tmpDir)],
|
|
28
|
-
destinationBucket: props.templateBucket,
|
|
29
|
-
destinationKeyPrefix: "bootstrap",
|
|
30
|
-
retainOnDelete: false
|
|
31
|
-
});
|
|
32
|
-
}
|
|
33
|
-
catch (error) {
|
|
34
|
-
throw new Error(`Failed to generate CDK bootstrap template: ${error}`);
|
|
35
|
-
}
|
|
36
|
-
finally {
|
|
37
|
-
// Clean up temporary directory
|
|
38
|
-
if (tmpDir && fs.existsSync(tmpDir)) {
|
|
39
|
-
fs.rmSync(tmpDir, { recursive: true, force: true });
|
|
40
|
-
}
|
|
41
|
-
}
|
|
42
|
-
// Use region-agnostic S3 URL format
|
|
43
|
-
const templateURL = `https://${props.templateBucket.bucketName}.s3.amazonaws.com/bootstrap/cdk-bootstrap.template.yml`;
|
|
44
|
-
new aws_cdk_lib_1.CfnStackSet(this, "StackSet", {
|
|
45
|
-
permissionModel: "SERVICE_MANAGED",
|
|
46
|
-
stackSetName: `CDKBootstrap-${stack.stackName}-${Date.now()}`,
|
|
47
|
-
description: "CDK Bootstrap StackSet for organization accounts",
|
|
48
|
-
capabilities: ["CAPABILITY_NAMED_IAM"],
|
|
49
|
-
templateUrl: templateURL,
|
|
50
|
-
autoDeployment: {
|
|
51
|
-
enabled: true,
|
|
52
|
-
retainStacksOnAccountRemoval: false
|
|
53
|
-
},
|
|
54
|
-
callAs: "SELF",
|
|
55
|
-
operationPreferences: {
|
|
56
|
-
regionConcurrencyType: "PARALLEL",
|
|
57
|
-
maxConcurrentPercentage: 100,
|
|
58
|
-
failureTolerancePercentage: 10
|
|
59
|
-
},
|
|
60
|
-
stackInstancesGroup: [
|
|
61
|
-
{
|
|
62
|
-
deploymentTargets: {
|
|
63
|
-
organizationalUnitIds: props.organizationalUnitIds
|
|
64
|
-
},
|
|
65
|
-
regions: props.regions
|
|
66
|
-
}
|
|
67
|
-
]
|
|
68
|
-
});
|
|
69
|
-
}
|
|
70
|
-
}
|
|
71
|
-
exports.BootstrapAccounts = BootstrapAccounts;
|
|
72
|
-
//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiYm9vdHN0cmFwLmpzIiwic291cmNlUm9vdCI6IiIsInNvdXJjZXMiOlsiLi4vLi4vLi4vLi4vbGliL2NvbmZpZy9hd3MvYm9vdHN0cmFwLnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiI7OztBQUFBLDZDQUFpRDtBQUNqRCwyQ0FBdUM7QUFDdkMsNkJBQThCO0FBRTlCLHFFQUF5RTtBQUN6RSxpREFBeUM7QUFDekMseUJBQXlCO0FBQ3pCLHlCQUF5QjtBQVN6QixNQUFhLGlCQUFrQixTQUFRLHNCQUFTO0lBQzlDLFlBQVksS0FBZ0IsRUFBRSxFQUFVLEVBQUUsS0FBNkI7UUFDckUsS0FBSyxDQUFDLEtBQUssRUFBRSxFQUFFLENBQUMsQ0FBQztRQUVqQixNQUFNLEtBQUssR0FBRyxtQkFBSyxDQUFDLEVBQUUsQ0FBQyxJQUFJLENBQUMsQ0FBQztRQUM3QixJQUFJLE1BQTBCLENBQUM7UUFFL0IsSUFBSSxDQUFDO1lBQ0gsc0NBQXNDO1lBQ3RDLE1BQU0sZUFBZSxHQUFHLElBQUEsd0JBQVEsRUFBQywrQkFBK0IsRUFBRTtnQkFDaEUsUUFBUSxFQUFFLE1BQU07YUFDakIsQ0FBQyxDQUFDO1lBRUgsK0NBQStDO1lBQy9DLE1BQU0sR0FBRyxFQUFFLENBQUMsV0FBVyxDQUFDLElBQUksQ0FBQyxJQUFJLENBQUMsRUFBRSxDQUFDLE1BQU0sRUFBRSxFQUFFLGdCQUFnQixDQUFDLENBQUMsQ0FBQztZQUNsRSxNQUFNLFlBQVksR0FBRyxJQUFJLENBQUMsSUFBSSxDQUFDLE1BQU0sRUFBRSw0QkFBNEIsQ0FBQyxDQUFDO1lBQ3JFLEVBQUUsQ0FBQyxhQUFhLENBQUMsWUFBWSxFQUFFLGVBQWUsQ0FBQyxDQUFDO1lBRWhELHVDQUF1QztZQUN2QyxJQUFJLG9DQUFnQixDQUFDLElBQUksRUFBRSx5QkFBeUIsRUFBRTtnQkFDcEQsT0FBTyxFQUFFLENBQUMsMEJBQU0sQ0FBQyxLQUFLLENBQUMsTUFBTSxDQUFDLENBQUM7Z0JBQy9CLGlCQUFpQixFQUFFLEtBQUssQ0FBQyxjQUFjO2dCQUN2QyxvQkFBb0IsRUFBRSxXQUFXO2dCQUNqQyxjQUFjLEVBQUUsS0FBSzthQUN0QixDQUFDLENBQUM7UUFDTCxDQUFDO1FBQUMsT0FBTyxLQUFLLEVBQUUsQ0FBQztZQUNmLE1BQU0sSUFBSSxLQUFLLENBQUMsOENBQThDLEtBQUssRUFBRSxDQUFDLENBQUM7UUFDekUsQ0FBQztnQkFBUyxDQUFDO1lBQ1QsK0JBQStCO1lBQy9CLElBQUksTUFBTSxJQUFJLEVBQUUsQ0FBQyxVQUFVLENBQUMsTUFBTSxDQUFDLEVBQUUsQ0FBQztnQkFDcEMsRUFBRSxDQUFDLE1BQU0sQ0FBQyxNQUFNLEVBQUUsRUFBRSxTQUFTLEVBQUUsSUFBSSxFQUFFLEtBQUssRUFBRSxJQUFJLEVBQUUsQ0FBQyxDQUFDO1lBQ3RELENBQUM7UUFDSCxDQUFDO1FBRUQsb0NBQW9DO1FBQ3BDLE1BQU0sV0FBVyxHQUFHLFdBQVcsS0FBSyxDQUFDLGNBQWMsQ0FBQyxVQUFVLHdEQUF3RCxDQUFDO1FBRXZILElBQUkseUJBQVcsQ0FBQyxJQUFJLEVBQUUsVUFBVSxFQUFFO1lBQ2hDLGVBQWUsRUFBRSxpQkFBaUI7WUFDbEMsWUFBWSxFQUFFLGdCQUFnQixLQUFLLENBQUMsU0FBUyxJQUFJLElBQUksQ0FBQyxHQUFHLEVBQUUsRUFBRTtZQUM3RCxXQUFXLEVBQUUsa0RBQWtEO1lBQy9ELFlBQVksRUFBRSxDQUFDLHNCQUFzQixDQUFDO1lBQ3RDLFdBQVcsRUFBRSxXQUFXO1lBQ3hCLGNBQWMsRUFBRTtnQkFDZCxPQUFPLEVBQUUsSUFBSTtnQkFDYiw0QkFBNEIsRUFBRSxLQUFLO2FBQ3BDO1lBQ0QsTUFBTSxFQUFFLE1BQU07WUFDZCxvQkFBb0IsRUFBRTtnQkFDcEIscUJBQXFCLEVBQUUsVUFBVTtnQkFDakMsdUJBQXVCLEVBQUUsR0FBRztnQkFDNUIsMEJBQTBCLEVBQUUsRUFBRTthQUMvQjtZQUNELG1CQUFtQixFQUFFO2dCQUNuQjtvQkFDRSxpQkFBaUIsRUFBRTt3QkFDakIscUJBQXFCLEVBQUUsS0FBSyxDQUFDLHFCQUFxQjtxQkFDbkQ7b0JBQ0QsT0FBTyxFQUFFLEtBQUssQ0FBQyxPQUFPO2lCQUN2QjthQUNGO1NBQ0YsQ0FBQyxDQUFDO0lBQ0wsQ0FBQztDQUNGO0FBL0RELDhDQStEQyIsInNvdXJjZXNDb250ZW50IjpbImltcG9ydCB7IFN0YWNrLCBDZm5TdGFja1NldCB9IGZyb20gXCJhd3MtY2RrLWxpYlwiO1xuaW1wb3J0IHsgQ29uc3RydWN0IH0gZnJvbSBcImNvbnN0cnVjdHNcIjtcbmltcG9ydCBwYXRoID0gcmVxdWlyZShcInBhdGhcIik7XG5pbXBvcnQgeyBTM0J1Y2tldCB9IGZyb20gXCIuLi8uLi9yZXNvdXJjZXNcIjtcbmltcG9ydCB7IEJ1Y2tldERlcGxveW1lbnQsIFNvdXJjZSB9IGZyb20gXCJhd3MtY2RrLWxpYi9hd3MtczMtZGVwbG95bWVudFwiO1xuaW1wb3J0IHsgZXhlY1N5bmMgfSBmcm9tIFwiY2hpbGRfcHJvY2Vzc1wiO1xuaW1wb3J0ICogYXMgZnMgZnJvbSBcImZzXCI7XG5pbXBvcnQgKiBhcyBvcyBmcm9tIFwib3NcIjtcblxuaW50ZXJmYWNlIEJvb3RzdHJhcEFjY291bnRzUHJvcHMge1xuICByZWdpb25zOiBzdHJpbmdbXTtcbiAgdGVtcGxhdGVCdWNrZXQ6IFMzQnVja2V0O1xuICBvcmdhbmlzYXRpb25JZDogc3RyaW5nO1xuICBvcmdhbml6YXRpb25hbFVuaXRJZHM6IHN0cmluZ1tdO1xufVxuXG5leHBvcnQgY2xhc3MgQm9vdHN0cmFwQWNjb3VudHMgZXh0ZW5kcyBDb25zdHJ1Y3Qge1xuICBjb25zdHJ1Y3RvcihzY29wZTogQ29uc3RydWN0LCBpZDogc3RyaW5nLCBwcm9wczogQm9vdHN0cmFwQWNjb3VudHNQcm9wcykge1xuICAgIHN1cGVyKHNjb3BlLCBpZCk7XG5cbiAgICBjb25zdCBzdGFjayA9IFN0YWNrLm9mKHRoaXMpO1xuICAgIGxldCB0bXBEaXI6IHN0cmluZyB8IHVuZGVmaW5lZDtcblxuICAgIHRyeSB7XG4gICAgICAvLyBHZW5lcmF0ZSB0aGUgQ0RLIGJvb3RzdHJhcCB0ZW1wbGF0ZVxuICAgICAgY29uc3QgdGVtcGxhdGVDb250ZW50ID0gZXhlY1N5bmMoYGNkayBib290c3RyYXAgLS1zaG93LXRlbXBsYXRlYCwge1xuICAgICAgICBlbmNvZGluZzogXCJ1dGY4XCJcbiAgICAgIH0pO1xuXG4gICAgICAvLyBDcmVhdGUgYSB0ZW1wb3JhcnkgZmlsZSB0byBob2xkIHRoZSB0ZW1wbGF0ZVxuICAgICAgdG1wRGlyID0gZnMubWtkdGVtcFN5bmMocGF0aC5qb2luKG9zLnRtcGRpcigpLCBcImNkay1ib290c3RyYXAtXCIpKTtcbiAgICAgIGNvbnN0IHRlbXBsYXRlUGF0aCA9IHBhdGguam9pbih0bXBEaXIsIFwiY2RrLWJvb3RzdHJhcC50ZW1wbGF0ZS55bWxcIik7XG4gICAgICBmcy53cml0ZUZpbGVTeW5jKHRlbXBsYXRlUGF0aCwgdGVtcGxhdGVDb250ZW50KTtcblxuICAgICAgLy8gRGVwbG95IHRoZSB0ZW1wbGF0ZSB0byB0aGUgUzMgYnVja2V0XG4gICAgICBuZXcgQnVja2V0RGVwbG95bWVudCh0aGlzLCBcIkRlcGxveUJvb3RzdHJhcFRlbXBsYXRlXCIsIHtcbiAgICAgICAgc291cmNlczogW1NvdXJjZS5hc3NldCh0bXBEaXIpXSxcbiAgICAgICAgZGVzdGluYXRpb25CdWNrZXQ6IHByb3BzLnRlbXBsYXRlQnVja2V0LFxuICAgICAgICBkZXN0aW5hdGlvbktleVByZWZpeDogXCJib290c3RyYXBcIixcbiAgICAgICAgcmV0YWluT25EZWxldGU6IGZhbHNlXG4gICAgICB9KTtcbiAgICB9IGNhdGNoIChlcnJvcikge1xuICAgICAgdGhyb3cgbmV3IEVycm9yKGBGYWlsZWQgdG8gZ2VuZXJhdGUgQ0RLIGJvb3RzdHJhcCB0ZW1wbGF0ZTogJHtlcnJvcn1gKTtcbiAgICB9IGZpbmFsbHkge1xuICAgICAgLy8gQ2xlYW4gdXAgdGVtcG9yYXJ5IGRpcmVjdG9yeVxuICAgICAgaWYgKHRtcERpciAmJiBmcy5leGlzdHNTeW5jKHRtcERpcikpIHtcbiAgICAgICAgZnMucm1TeW5jKHRtcERpciwgeyByZWN1cnNpdmU6IHRydWUsIGZvcmNlOiB0cnVlIH0pO1xuICAgICAgfVxuICAgIH1cblxuICAgIC8vIFVzZSByZWdpb24tYWdub3N0aWMgUzMgVVJMIGZvcm1hdFxuICAgIGNvbnN0IHRlbXBsYXRlVVJMID0gYGh0dHBzOi8vJHtwcm9wcy50ZW1wbGF0ZUJ1Y2tldC5idWNrZXROYW1lfS5zMy5hbWF6b25hd3MuY29tL2Jvb3RzdHJhcC9jZGstYm9vdHN0cmFwLnRlbXBsYXRlLnltbGA7XG5cbiAgICBuZXcgQ2ZuU3RhY2tTZXQodGhpcywgXCJTdGFja1NldFwiLCB7XG4gICAgICBwZXJtaXNzaW9uTW9kZWw6IFwiU0VSVklDRV9NQU5BR0VEXCIsXG4gICAgICBzdGFja1NldE5hbWU6IGBDREtCb290c3RyYXAtJHtzdGFjay5zdGFja05hbWV9LSR7RGF0ZS5ub3coKX1gLFxuICAgICAgZGVzY3JpcHRpb246IFwiQ0RLIEJvb3RzdHJhcCBTdGFja1NldCBmb3Igb3JnYW5pemF0aW9uIGFjY291bnRzXCIsXG4gICAgICBjYXBhYmlsaXRpZXM6IFtcIkNBUEFCSUxJVFlfTkFNRURfSUFNXCJdLFxuICAgICAgdGVtcGxhdGVVcmw6IHRlbXBsYXRlVVJMLFxuICAgICAgYXV0b0RlcGxveW1lbnQ6IHtcbiAgICAgICAgZW5hYmxlZDogdHJ1ZSxcbiAgICAgICAgcmV0YWluU3RhY2tzT25BY2NvdW50UmVtb3ZhbDogZmFsc2VcbiAgICAgIH0sXG4gICAgICBjYWxsQXM6IFwiU0VMRlwiLFxuICAgICAgb3BlcmF0aW9uUHJlZmVyZW5jZXM6IHtcbiAgICAgICAgcmVnaW9uQ29uY3VycmVuY3lUeXBlOiBcIlBBUkFMTEVMXCIsXG4gICAgICAgIG1heENvbmN1cnJlbnRQZXJjZW50YWdlOiAxMDAsXG4gICAgICAgIGZhaWx1cmVUb2xlcmFuY2VQZXJjZW50YWdlOiAxMFxuICAgICAgfSxcbiAgICAgIHN0YWNrSW5zdGFuY2VzR3JvdXA6IFtcbiAgICAgICAge1xuICAgICAgICAgIGRlcGxveW1lbnRUYXJnZXRzOiB7XG4gICAgICAgICAgICBvcmdhbml6YXRpb25hbFVuaXRJZHM6IHByb3BzLm9yZ2FuaXphdGlvbmFsVW5pdElkc1xuICAgICAgICAgIH0sXG4gICAgICAgICAgcmVnaW9uczogcHJvcHMucmVnaW9uc1xuICAgICAgICB9XG4gICAgICBdXG4gICAgfSk7XG4gIH1cbn1cbiJdfQ==
|
|
@@ -1,13 +0,0 @@
|
|
|
1
|
-
import { Stack, StackProps } from "aws-cdk-lib";
|
|
2
|
-
import { Construct } from "constructs";
|
|
3
|
-
import { S3Bucket } from "../../resources";
|
|
4
|
-
interface BootstrapAccountsStackProps extends StackProps {
|
|
5
|
-
orgAccounts: string[];
|
|
6
|
-
regions: string[];
|
|
7
|
-
templateBucket: S3Bucket;
|
|
8
|
-
organisationId: string;
|
|
9
|
-
}
|
|
10
|
-
export declare class BootstrapAccounts extends Stack {
|
|
11
|
-
constructor(scope: Construct, id: string, props: BootstrapAccountsStackProps);
|
|
12
|
-
}
|
|
13
|
-
export {};
|
|
@@ -1,94 +0,0 @@
|
|
|
1
|
-
"use strict";
|
|
2
|
-
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
-
exports.BootstrapAccounts = void 0;
|
|
4
|
-
const aws_cdk_lib_1 = require("aws-cdk-lib");
|
|
5
|
-
const cdk_stacksets_1 = require("cdk-stacksets");
|
|
6
|
-
const path = require("path");
|
|
7
|
-
const resources_1 = require("../../resources");
|
|
8
|
-
const aws_iam_1 = require("aws-cdk-lib/aws-iam");
|
|
9
|
-
const aws_s3_deployment_1 = require("aws-cdk-lib/aws-s3-deployment");
|
|
10
|
-
const child_process_1 = require("child_process");
|
|
11
|
-
const fs = require("fs");
|
|
12
|
-
const os = require("os");
|
|
13
|
-
class BootstrapAccounts extends aws_cdk_lib_1.Stack {
|
|
14
|
-
constructor(scope, id, props) {
|
|
15
|
-
super(scope, id, props);
|
|
16
|
-
let tmpDir;
|
|
17
|
-
try {
|
|
18
|
-
// Generate the CDK bootstrap template
|
|
19
|
-
const templateContent = (0, child_process_1.execSync)(`cdk bootstrap --show-template`, {
|
|
20
|
-
encoding: "utf8"
|
|
21
|
-
});
|
|
22
|
-
// Create a temporary file to hold the template
|
|
23
|
-
tmpDir = fs.mkdtempSync(path.join(os.tmpdir(), "cdk-bootstrap-"));
|
|
24
|
-
const templatePath = path.join(tmpDir, "cdk-bootstrap.template.yml");
|
|
25
|
-
fs.writeFileSync(templatePath, templateContent);
|
|
26
|
-
// Deploy the template to the S3 bucket
|
|
27
|
-
new aws_s3_deployment_1.BucketDeployment(this, "DeployBootstrapTemplate", {
|
|
28
|
-
sources: [aws_s3_deployment_1.Source.asset(tmpDir)],
|
|
29
|
-
destinationBucket: props.templateBucket,
|
|
30
|
-
destinationKeyPrefix: "bootstrap",
|
|
31
|
-
retainOnDelete: false
|
|
32
|
-
});
|
|
33
|
-
}
|
|
34
|
-
catch (error) {
|
|
35
|
-
throw new Error(`Failed to generate CDK bootstrap template: ${error}`);
|
|
36
|
-
}
|
|
37
|
-
finally {
|
|
38
|
-
// Clean up temporary directory
|
|
39
|
-
if (tmpDir && fs.existsSync(tmpDir)) {
|
|
40
|
-
fs.rmSync(tmpDir, { recursive: true, force: true });
|
|
41
|
-
}
|
|
42
|
-
}
|
|
43
|
-
// Deploy a bucket for each region to store StackSet assets
|
|
44
|
-
const bucketPrefix = "fjall-managed-organisation-bootstrap";
|
|
45
|
-
const assetBuckets = [];
|
|
46
|
-
for (const region of props.regions) {
|
|
47
|
-
const s3bucket = new resources_1.S3Bucket(this, `AssetBucket${region}`, {
|
|
48
|
-
bucketName: `${bucketPrefix}-${region}-${this.account}`
|
|
49
|
-
});
|
|
50
|
-
// Grant read access to the entire organisation
|
|
51
|
-
s3bucket.addToResourcePolicy(new aws_iam_1.PolicyStatement({
|
|
52
|
-
actions: ["s3:Get*", "s3:List*"],
|
|
53
|
-
resources: [s3bucket.arnForObjects("*"), s3bucket.bucketArn],
|
|
54
|
-
principals: [new aws_iam_1.OrganizationPrincipal(props.organisationId)]
|
|
55
|
-
}));
|
|
56
|
-
assetBuckets.push(s3bucket);
|
|
57
|
-
}
|
|
58
|
-
// Use region-agnostic S3 URL format
|
|
59
|
-
const templateURL = `https://${props.templateBucket.bucketName}.s3.amazonaws.com/bootstrap/cdk-bootstrap.template.yml`;
|
|
60
|
-
const stackSetStack = new BootstrapAccountsStackSet(this, "BootStrapAccountsStackSet", {
|
|
61
|
-
assetBuckets: assetBuckets,
|
|
62
|
-
assetBucketPrefix: bucketPrefix,
|
|
63
|
-
templateURL: templateURL
|
|
64
|
-
});
|
|
65
|
-
new cdk_stacksets_1.StackSet(this, "StackSet", {
|
|
66
|
-
template: cdk_stacksets_1.StackSetTemplate.fromStackSetStack(stackSetStack),
|
|
67
|
-
capabilities: [cdk_stacksets_1.Capability.NAMED_IAM],
|
|
68
|
-
deploymentType: cdk_stacksets_1.DeploymentType.serviceManaged({
|
|
69
|
-
delegatedAdmin: true,
|
|
70
|
-
autoDeployEnabled: true,
|
|
71
|
-
autoDeployRetainStacks: false
|
|
72
|
-
}),
|
|
73
|
-
target: cdk_stacksets_1.StackSetTarget.fromAccounts({
|
|
74
|
-
regions: props.regions,
|
|
75
|
-
accounts: props.orgAccounts
|
|
76
|
-
}),
|
|
77
|
-
operationPreferences: {
|
|
78
|
-
regionConcurrencyType: cdk_stacksets_1.RegionConcurrencyType.PARALLEL,
|
|
79
|
-
maxConcurrentPercentage: 100,
|
|
80
|
-
failureTolerancePercentage: 10
|
|
81
|
-
}
|
|
82
|
-
});
|
|
83
|
-
}
|
|
84
|
-
}
|
|
85
|
-
exports.BootstrapAccounts = BootstrapAccounts;
|
|
86
|
-
class BootstrapAccountsStackSet extends cdk_stacksets_1.StackSetStack {
|
|
87
|
-
constructor(scope, id, props) {
|
|
88
|
-
super(scope, id, props);
|
|
89
|
-
new aws_cdk_lib_1.CfnStack(this, "bootstrapTemplate", {
|
|
90
|
-
templateUrl: props.templateURL
|
|
91
|
-
});
|
|
92
|
-
}
|
|
93
|
-
}
|
|
94
|
-
//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiYm9vdHN0cmFwLm9yaWdpbmFsLmpzIiwic291cmNlUm9vdCI6IiIsInNvdXJjZXMiOlsiLi4vLi4vLi4vLi4vbGliL2NvbmZpZy9hd3MvYm9vdHN0cmFwLm9yaWdpbmFsLnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiI7OztBQUFBLDZDQUEwRDtBQUUxRCxpREFTdUI7QUFDdkIsNkJBQThCO0FBQzlCLCtDQUEyQztBQUMzQyxpREFBNkU7QUFDN0UscUVBQXlFO0FBQ3pFLGlEQUF5QztBQUN6Qyx5QkFBeUI7QUFDekIseUJBQXlCO0FBU3pCLE1BQWEsaUJBQWtCLFNBQVEsbUJBQUs7SUFDMUMsWUFDRSxLQUFnQixFQUNoQixFQUFVLEVBQ1YsS0FBa0M7UUFFbEMsS0FBSyxDQUFDLEtBQUssRUFBRSxFQUFFLEVBQUUsS0FBSyxDQUFDLENBQUM7UUFFeEIsSUFBSSxNQUEwQixDQUFDO1FBRS9CLElBQUksQ0FBQztZQUNILHNDQUFzQztZQUN0QyxNQUFNLGVBQWUsR0FBRyxJQUFBLHdCQUFRLEVBQUMsK0JBQStCLEVBQUU7Z0JBQ2hFLFFBQVEsRUFBRSxNQUFNO2FBQ2pCLENBQUMsQ0FBQztZQUVILCtDQUErQztZQUMvQyxNQUFNLEdBQUcsRUFBRSxDQUFDLFdBQVcsQ0FBQyxJQUFJLENBQUMsSUFBSSxDQUFDLEVBQUUsQ0FBQyxNQUFNLEVBQUUsRUFBRSxnQkFBZ0IsQ0FBQyxDQUFDLENBQUM7WUFDbEUsTUFBTSxZQUFZLEdBQUcsSUFBSSxDQUFDLElBQUksQ0FBQyxNQUFNLEVBQUUsNEJBQTRCLENBQUMsQ0FBQztZQUNyRSxFQUFFLENBQUMsYUFBYSxDQUFDLFlBQVksRUFBRSxlQUFlLENBQUMsQ0FBQztZQUVoRCx1Q0FBdUM7WUFDdkMsSUFBSSxvQ0FBZ0IsQ0FBQyxJQUFJLEVBQUUseUJBQXlCLEVBQUU7Z0JBQ3BELE9BQU8sRUFBRSxDQUFDLDBCQUFNLENBQUMsS0FBSyxDQUFDLE1BQU0sQ0FBQyxDQUFDO2dCQUMvQixpQkFBaUIsRUFBRSxLQUFLLENBQUMsY0FBYztnQkFDdkMsb0JBQW9CLEVBQUUsV0FBVztnQkFDakMsY0FBYyxFQUFFLEtBQUs7YUFDdEIsQ0FBQyxDQUFDO1FBQ0wsQ0FBQztRQUFDLE9BQU8sS0FBSyxFQUFFLENBQUM7WUFDZixNQUFNLElBQUksS0FBSyxDQUFDLDhDQUE4QyxLQUFLLEVBQUUsQ0FBQyxDQUFDO1FBQ3pFLENBQUM7Z0JBQVMsQ0FBQztZQUNULCtCQUErQjtZQUMvQixJQUFJLE1BQU0sSUFBSSxFQUFFLENBQUMsVUFBVSxDQUFDLE1BQU0sQ0FBQyxFQUFFLENBQUM7Z0JBQ3BDLEVBQUUsQ0FBQyxNQUFNLENBQUMsTUFBTSxFQUFFLEVBQUUsU0FBUyxFQUFFLElBQUksRUFBRSxLQUFLLEVBQUUsSUFBSSxFQUFFLENBQUMsQ0FBQztZQUN0RCxDQUFDO1FBQ0gsQ0FBQztRQUVELDJEQUEyRDtRQUMzRCxNQUFNLFlBQVksR0FBRyxzQ0FBc0MsQ0FBQztRQUM1RCxNQUFNLFlBQVksR0FBZSxFQUFFLENBQUM7UUFFcEMsS0FBSyxNQUFNLE1BQU0sSUFBSSxLQUFLLENBQUMsT0FBTyxFQUFFLENBQUM7WUFDbkMsTUFBTSxRQUFRLEdBQUcsSUFBSSxvQkFBUSxDQUFDLElBQUksRUFBRSxjQUFjLE1BQU0sRUFBRSxFQUFFO2dCQUMxRCxVQUFVLEVBQUUsR0FBRyxZQUFZLElBQUksTUFBTSxJQUFJLElBQUksQ0FBQyxPQUFPLEVBQUU7YUFDeEQsQ0FBQyxDQUFDO1lBRUgsK0NBQStDO1lBQy9DLFFBQVEsQ0FBQyxtQkFBbUIsQ0FDMUIsSUFBSSx5QkFBZSxDQUFDO2dCQUNsQixPQUFPLEVBQUUsQ0FBQyxTQUFTLEVBQUUsVUFBVSxDQUFDO2dCQUNoQyxTQUFTLEVBQUUsQ0FBQyxRQUFRLENBQUMsYUFBYSxDQUFDLEdBQUcsQ0FBQyxFQUFFLFFBQVEsQ0FBQyxTQUFTLENBQUM7Z0JBQzVELFVBQVUsRUFBRSxDQUFDLElBQUksK0JBQXFCLENBQUMsS0FBSyxDQUFDLGNBQWMsQ0FBQyxDQUFDO2FBQzlELENBQUMsQ0FDSCxDQUFDO1lBRUYsWUFBWSxDQUFDLElBQUksQ0FBQyxRQUFRLENBQUMsQ0FBQztRQUM5QixDQUFDO1FBRUQsb0NBQW9DO1FBQ3BDLE1BQU0sV0FBVyxHQUFHLFdBQVcsS0FBSyxDQUFDLGNBQWMsQ0FBQyxVQUFVLHdEQUF3RCxDQUFDO1FBRXZILE1BQU0sYUFBYSxHQUFHLElBQUkseUJBQXlCLENBQ2pELElBQUksRUFDSiwyQkFBMkIsRUFDM0I7WUFDRSxZQUFZLEVBQUUsWUFBWTtZQUMxQixpQkFBaUIsRUFBRSxZQUFZO1lBQy9CLFdBQVcsRUFBRSxXQUFXO1NBQ3pCLENBQ0YsQ0FBQztRQUVGLElBQUksd0JBQVEsQ0FBQyxJQUFJLEVBQUUsVUFBVSxFQUFFO1lBQzdCLFFBQVEsRUFBRSxnQ0FBZ0IsQ0FBQyxpQkFBaUIsQ0FBQyxhQUFhLENBQUM7WUFDM0QsWUFBWSxFQUFFLENBQUMsMEJBQVUsQ0FBQyxTQUFTLENBQUM7WUFDcEMsY0FBYyxFQUFFLDhCQUFjLENBQUMsY0FBYyxDQUFDO2dCQUM1QyxjQUFjLEVBQUUsSUFBSTtnQkFDcEIsaUJBQWlCLEVBQUUsSUFBSTtnQkFDdkIsc0JBQXNCLEVBQUUsS0FBSzthQUM5QixDQUFDO1lBQ0YsTUFBTSxFQUFFLDhCQUFjLENBQUMsWUFBWSxDQUFDO2dCQUNsQyxPQUFPLEVBQUUsS0FBSyxDQUFDLE9BQU87Z0JBQ3RCLFFBQVEsRUFBRSxLQUFLLENBQUMsV0FBVzthQUM1QixDQUFDO1lBQ0Ysb0JBQW9CLEVBQUU7Z0JBQ3BCLHFCQUFxQixFQUFFLHFDQUFxQixDQUFDLFFBQVE7Z0JBQ3JELHVCQUF1QixFQUFFLEdBQUc7Z0JBQzVCLDBCQUEwQixFQUFFLEVBQUU7YUFDL0I7U0FDRixDQUFDLENBQUM7SUFDTCxDQUFDO0NBQ0Y7QUExRkQsOENBMEZDO0FBUUQsTUFBTSx5QkFBMEIsU0FBUSw2QkFBYTtJQUNuRCxZQUNFLEtBQWdCLEVBQ2hCLEVBQVUsRUFDVixLQUFxQztRQUVyQyxLQUFLLENBQUMsS0FBSyxFQUFFLEVBQUUsRUFBRSxLQUFLLENBQUMsQ0FBQztRQUV4QixJQUFJLHNCQUFRLENBQUMsSUFBSSxFQUFFLG1CQUFtQixFQUFFO1lBQ3RDLFdBQVcsRUFBRSxLQUFLLENBQUMsV0FBVztTQUMvQixDQUFDLENBQUM7SUFDTCxDQUFDO0NBQ0YiLCJzb3VyY2VzQ29udGVudCI6WyJpbXBvcnQgeyBDZm5TdGFjaywgU3RhY2ssIFN0YWNrUHJvcHMgfSBmcm9tIFwiYXdzLWNkay1saWJcIjtcbmltcG9ydCB7IENvbnN0cnVjdCB9IGZyb20gXCJjb25zdHJ1Y3RzXCI7XG5pbXBvcnQge1xuICBTdGFja1NldCxcbiAgU3RhY2tTZXRUZW1wbGF0ZSxcbiAgU3RhY2tTZXRUYXJnZXQsXG4gIFN0YWNrU2V0U3RhY2ssXG4gIERlcGxveW1lbnRUeXBlLFxuICBDYXBhYmlsaXR5LFxuICBTdGFja1NldFN0YWNrUHJvcHMsXG4gIFJlZ2lvbkNvbmN1cnJlbmN5VHlwZVxufSBmcm9tIFwiY2RrLXN0YWNrc2V0c1wiO1xuaW1wb3J0IHBhdGggPSByZXF1aXJlKFwicGF0aFwiKTtcbmltcG9ydCB7IFMzQnVja2V0IH0gZnJvbSBcIi4uLy4uL3Jlc291cmNlc1wiO1xuaW1wb3J0IHsgT3JnYW5pemF0aW9uUHJpbmNpcGFsLCBQb2xpY3lTdGF0ZW1lbnQgfSBmcm9tIFwiYXdzLWNkay1saWIvYXdzLWlhbVwiO1xuaW1wb3J0IHsgQnVja2V0RGVwbG95bWVudCwgU291cmNlIH0gZnJvbSBcImF3cy1jZGstbGliL2F3cy1zMy1kZXBsb3ltZW50XCI7XG5pbXBvcnQgeyBleGVjU3luYyB9IGZyb20gXCJjaGlsZF9wcm9jZXNzXCI7XG5pbXBvcnQgKiBhcyBmcyBmcm9tIFwiZnNcIjtcbmltcG9ydCAqIGFzIG9zIGZyb20gXCJvc1wiO1xuXG5pbnRlcmZhY2UgQm9vdHN0cmFwQWNjb3VudHNTdGFja1Byb3BzIGV4dGVuZHMgU3RhY2tQcm9wcyB7XG4gIG9yZ0FjY291bnRzOiBzdHJpbmdbXTtcbiAgcmVnaW9uczogc3RyaW5nW107XG4gIHRlbXBsYXRlQnVja2V0OiBTM0J1Y2tldDtcbiAgb3JnYW5pc2F0aW9uSWQ6IHN0cmluZztcbn1cblxuZXhwb3J0IGNsYXNzIEJvb3RzdHJhcEFjY291bnRzIGV4dGVuZHMgU3RhY2sge1xuICBjb25zdHJ1Y3RvcihcbiAgICBzY29wZTogQ29uc3RydWN0LFxuICAgIGlkOiBzdHJpbmcsXG4gICAgcHJvcHM6IEJvb3RzdHJhcEFjY291bnRzU3RhY2tQcm9wc1xuICApIHtcbiAgICBzdXBlcihzY29wZSwgaWQsIHByb3BzKTtcblxuICAgIGxldCB0bXBEaXI6IHN0cmluZyB8IHVuZGVmaW5lZDtcblxuICAgIHRyeSB7XG4gICAgICAvLyBHZW5lcmF0ZSB0aGUgQ0RLIGJvb3RzdHJhcCB0ZW1wbGF0ZVxuICAgICAgY29uc3QgdGVtcGxhdGVDb250ZW50ID0gZXhlY1N5bmMoYGNkayBib290c3RyYXAgLS1zaG93LXRlbXBsYXRlYCwge1xuICAgICAgICBlbmNvZGluZzogXCJ1dGY4XCJcbiAgICAgIH0pO1xuXG4gICAgICAvLyBDcmVhdGUgYSB0ZW1wb3JhcnkgZmlsZSB0byBob2xkIHRoZSB0ZW1wbGF0ZVxuICAgICAgdG1wRGlyID0gZnMubWtkdGVtcFN5bmMocGF0aC5qb2luKG9zLnRtcGRpcigpLCBcImNkay1ib290c3RyYXAtXCIpKTtcbiAgICAgIGNvbnN0IHRlbXBsYXRlUGF0aCA9IHBhdGguam9pbih0bXBEaXIsIFwiY2RrLWJvb3RzdHJhcC50ZW1wbGF0ZS55bWxcIik7XG4gICAgICBmcy53cml0ZUZpbGVTeW5jKHRlbXBsYXRlUGF0aCwgdGVtcGxhdGVDb250ZW50KTtcblxuICAgICAgLy8gRGVwbG95IHRoZSB0ZW1wbGF0ZSB0byB0aGUgUzMgYnVja2V0XG4gICAgICBuZXcgQnVja2V0RGVwbG95bWVudCh0aGlzLCBcIkRlcGxveUJvb3RzdHJhcFRlbXBsYXRlXCIsIHtcbiAgICAgICAgc291cmNlczogW1NvdXJjZS5hc3NldCh0bXBEaXIpXSxcbiAgICAgICAgZGVzdGluYXRpb25CdWNrZXQ6IHByb3BzLnRlbXBsYXRlQnVja2V0LFxuICAgICAgICBkZXN0aW5hdGlvbktleVByZWZpeDogXCJib290c3RyYXBcIixcbiAgICAgICAgcmV0YWluT25EZWxldGU6IGZhbHNlXG4gICAgICB9KTtcbiAgICB9IGNhdGNoIChlcnJvcikge1xuICAgICAgdGhyb3cgbmV3IEVycm9yKGBGYWlsZWQgdG8gZ2VuZXJhdGUgQ0RLIGJvb3RzdHJhcCB0ZW1wbGF0ZTogJHtlcnJvcn1gKTtcbiAgICB9IGZpbmFsbHkge1xuICAgICAgLy8gQ2xlYW4gdXAgdGVtcG9yYXJ5IGRpcmVjdG9yeVxuICAgICAgaWYgKHRtcERpciAmJiBmcy5leGlzdHNTeW5jKHRtcERpcikpIHtcbiAgICAgICAgZnMucm1TeW5jKHRtcERpciwgeyByZWN1cnNpdmU6IHRydWUsIGZvcmNlOiB0cnVlIH0pO1xuICAgICAgfVxuICAgIH1cblxuICAgIC8vIERlcGxveSBhIGJ1Y2tldCBmb3IgZWFjaCByZWdpb24gdG8gc3RvcmUgU3RhY2tTZXQgYXNzZXRzXG4gICAgY29uc3QgYnVja2V0UHJlZml4ID0gXCJmamFsbC1tYW5hZ2VkLW9yZ2FuaXNhdGlvbi1ib290c3RyYXBcIjtcbiAgICBjb25zdCBhc3NldEJ1Y2tldHM6IFMzQnVja2V0W10gPSBbXTtcblxuICAgIGZvciAoY29uc3QgcmVnaW9uIG9mIHByb3BzLnJlZ2lvbnMpIHtcbiAgICAgIGNvbnN0IHMzYnVja2V0ID0gbmV3IFMzQnVja2V0KHRoaXMsIGBBc3NldEJ1Y2tldCR7cmVnaW9ufWAsIHtcbiAgICAgICAgYnVja2V0TmFtZTogYCR7YnVja2V0UHJlZml4fS0ke3JlZ2lvbn0tJHt0aGlzLmFjY291bnR9YFxuICAgICAgfSk7XG5cbiAgICAgIC8vIEdyYW50IHJlYWQgYWNjZXNzIHRvIHRoZSBlbnRpcmUgb3JnYW5pc2F0aW9uXG4gICAgICBzM2J1Y2tldC5hZGRUb1Jlc291cmNlUG9saWN5KFxuICAgICAgICBuZXcgUG9saWN5U3RhdGVtZW50KHtcbiAgICAgICAgICBhY3Rpb25zOiBbXCJzMzpHZXQqXCIsIFwiczM6TGlzdCpcIl0sXG4gICAgICAgICAgcmVzb3VyY2VzOiBbczNidWNrZXQuYXJuRm9yT2JqZWN0cyhcIipcIiksIHMzYnVja2V0LmJ1Y2tldEFybl0sXG4gICAgICAgICAgcHJpbmNpcGFsczogW25ldyBPcmdhbml6YXRpb25QcmluY2lwYWwocHJvcHMub3JnYW5pc2F0aW9uSWQpXVxuICAgICAgICB9KVxuICAgICAgKTtcblxuICAgICAgYXNzZXRCdWNrZXRzLnB1c2goczNidWNrZXQpO1xuICAgIH1cblxuICAgIC8vIFVzZSByZWdpb24tYWdub3N0aWMgUzMgVVJMIGZvcm1hdFxuICAgIGNvbnN0IHRlbXBsYXRlVVJMID0gYGh0dHBzOi8vJHtwcm9wcy50ZW1wbGF0ZUJ1Y2tldC5idWNrZXROYW1lfS5zMy5hbWF6b25hd3MuY29tL2Jvb3RzdHJhcC9jZGstYm9vdHN0cmFwLnRlbXBsYXRlLnltbGA7XG5cbiAgICBjb25zdCBzdGFja1NldFN0YWNrID0gbmV3IEJvb3RzdHJhcEFjY291bnRzU3RhY2tTZXQoXG4gICAgICB0aGlzLFxuICAgICAgXCJCb290U3RyYXBBY2NvdW50c1N0YWNrU2V0XCIsXG4gICAgICB7XG4gICAgICAgIGFzc2V0QnVja2V0czogYXNzZXRCdWNrZXRzLFxuICAgICAgICBhc3NldEJ1Y2tldFByZWZpeDogYnVja2V0UHJlZml4LFxuICAgICAgICB0ZW1wbGF0ZVVSTDogdGVtcGxhdGVVUkxcbiAgICAgIH1cbiAgICApO1xuXG4gICAgbmV3IFN0YWNrU2V0KHRoaXMsIFwiU3RhY2tTZXRcIiwge1xuICAgICAgdGVtcGxhdGU6IFN0YWNrU2V0VGVtcGxhdGUuZnJvbVN0YWNrU2V0U3RhY2soc3RhY2tTZXRTdGFjayksXG4gICAgICBjYXBhYmlsaXRpZXM6IFtDYXBhYmlsaXR5Lk5BTUVEX0lBTV0sXG4gICAgICBkZXBsb3ltZW50VHlwZTogRGVwbG95bWVudFR5cGUuc2VydmljZU1hbmFnZWQoe1xuICAgICAgICBkZWxlZ2F0ZWRBZG1pbjogdHJ1ZSxcbiAgICAgICAgYXV0b0RlcGxveUVuYWJsZWQ6IHRydWUsXG4gICAgICAgIGF1dG9EZXBsb3lSZXRhaW5TdGFja3M6IGZhbHNlXG4gICAgICB9KSxcbiAgICAgIHRhcmdldDogU3RhY2tTZXRUYXJnZXQuZnJvbUFjY291bnRzKHtcbiAgICAgICAgcmVnaW9uczogcHJvcHMucmVnaW9ucyxcbiAgICAgICAgYWNjb3VudHM6IHByb3BzLm9yZ0FjY291bnRzXG4gICAgICB9KSxcbiAgICAgIG9wZXJhdGlvblByZWZlcmVuY2VzOiB7XG4gICAgICAgIHJlZ2lvbkNvbmN1cnJlbmN5VHlwZTogUmVnaW9uQ29uY3VycmVuY3lUeXBlLlBBUkFMTEVMLFxuICAgICAgICBtYXhDb25jdXJyZW50UGVyY2VudGFnZTogMTAwLFxuICAgICAgICBmYWlsdXJlVG9sZXJhbmNlUGVyY2VudGFnZTogMTBcbiAgICAgIH1cbiAgICB9KTtcbiAgfVxufVxuXG5pbnRlcmZhY2UgQm9vdHN0cmFwQWNjb3VudHNTdGFja1NldFByb3BzIGV4dGVuZHMgU3RhY2tTZXRTdGFja1Byb3BzIHtcbiAgdGVtcGxhdGVVUkw6IHN0cmluZztcbiAgYXNzZXRCdWNrZXRzOiBTM0J1Y2tldFtdO1xuICBhc3NldEJ1Y2tldFByZWZpeDogc3RyaW5nO1xufVxuXG5jbGFzcyBCb290c3RyYXBBY2NvdW50c1N0YWNrU2V0IGV4dGVuZHMgU3RhY2tTZXRTdGFjayB7XG4gIGNvbnN0cnVjdG9yKFxuICAgIHNjb3BlOiBDb25zdHJ1Y3QsXG4gICAgaWQ6IHN0cmluZyxcbiAgICBwcm9wczogQm9vdHN0cmFwQWNjb3VudHNTdGFja1NldFByb3BzXG4gICkge1xuICAgIHN1cGVyKHNjb3BlLCBpZCwgcHJvcHMpO1xuXG4gICAgbmV3IENmblN0YWNrKHRoaXMsIFwiYm9vdHN0cmFwVGVtcGxhdGVcIiwge1xuICAgICAgdGVtcGxhdGVVcmw6IHByb3BzLnRlbXBsYXRlVVJMXG4gICAgfSk7XG4gIH1cbn1cbiJdfQ==
|
|
@@ -1,12 +0,0 @@
|
|
|
1
|
-
import { Construct } from "constructs";
|
|
2
|
-
import { S3Bucket } from "../../resources";
|
|
3
|
-
interface BootstrapAccountsProps {
|
|
4
|
-
orgAccounts: string[];
|
|
5
|
-
regions: string[];
|
|
6
|
-
templateBucket: S3Bucket;
|
|
7
|
-
organisationId: string;
|
|
8
|
-
}
|
|
9
|
-
export declare class BootstrapAccounts extends Construct {
|
|
10
|
-
constructor(scope: Construct, id: string, props: BootstrapAccountsProps);
|
|
11
|
-
}
|
|
12
|
-
export {};
|
|
@@ -1,89 +0,0 @@
|
|
|
1
|
-
"use strict";
|
|
2
|
-
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
-
exports.BootstrapAccounts = void 0;
|
|
4
|
-
const aws_cdk_lib_1 = require("aws-cdk-lib");
|
|
5
|
-
const constructs_1 = require("constructs");
|
|
6
|
-
const path = require("path");
|
|
7
|
-
const resources_1 = require("../../resources");
|
|
8
|
-
const aws_iam_1 = require("aws-cdk-lib/aws-iam");
|
|
9
|
-
const aws_s3_deployment_1 = require("aws-cdk-lib/aws-s3-deployment");
|
|
10
|
-
const child_process_1 = require("child_process");
|
|
11
|
-
const fs = require("fs");
|
|
12
|
-
const os = require("os");
|
|
13
|
-
class BootstrapAccounts extends constructs_1.Construct {
|
|
14
|
-
constructor(scope, id, props) {
|
|
15
|
-
super(scope, id);
|
|
16
|
-
const stack = aws_cdk_lib_1.Stack.of(this);
|
|
17
|
-
let tmpDir;
|
|
18
|
-
try {
|
|
19
|
-
// Generate the CDK bootstrap template
|
|
20
|
-
const templateContent = (0, child_process_1.execSync)(`cdk bootstrap --show-template`, {
|
|
21
|
-
encoding: "utf8"
|
|
22
|
-
});
|
|
23
|
-
// Create a temporary file to hold the template
|
|
24
|
-
tmpDir = fs.mkdtempSync(path.join(os.tmpdir(), "cdk-bootstrap-"));
|
|
25
|
-
const templatePath = path.join(tmpDir, "cdk-bootstrap.template.yml");
|
|
26
|
-
fs.writeFileSync(templatePath, templateContent);
|
|
27
|
-
// Deploy the template to the S3 bucket
|
|
28
|
-
new aws_s3_deployment_1.BucketDeployment(this, "DeployBootstrapTemplate", {
|
|
29
|
-
sources: [aws_s3_deployment_1.Source.asset(tmpDir)],
|
|
30
|
-
destinationBucket: props.templateBucket,
|
|
31
|
-
destinationKeyPrefix: "bootstrap",
|
|
32
|
-
retainOnDelete: false
|
|
33
|
-
});
|
|
34
|
-
}
|
|
35
|
-
catch (error) {
|
|
36
|
-
throw new Error(`Failed to generate CDK bootstrap template: ${error}`);
|
|
37
|
-
}
|
|
38
|
-
finally {
|
|
39
|
-
// Clean up temporary directory
|
|
40
|
-
if (tmpDir && fs.existsSync(tmpDir)) {
|
|
41
|
-
fs.rmSync(tmpDir, { recursive: true, force: true });
|
|
42
|
-
}
|
|
43
|
-
}
|
|
44
|
-
// Deploy a bucket for each region to store StackSet assets
|
|
45
|
-
const bucketPrefix = "fjall-stackset-assets";
|
|
46
|
-
const assetBuckets = [];
|
|
47
|
-
for (const region of props.regions) {
|
|
48
|
-
const s3bucket = new resources_1.S3Bucket(this, `AssetBucket${region}`, {
|
|
49
|
-
bucketName: `${bucketPrefix}-${region}-${stack.account}`
|
|
50
|
-
});
|
|
51
|
-
// Grant read access to the entire organisation
|
|
52
|
-
s3bucket.addToResourcePolicy(new aws_iam_1.PolicyStatement({
|
|
53
|
-
actions: ["s3:Get*", "s3:List*"],
|
|
54
|
-
resources: [s3bucket.arnForObjects("*"), s3bucket.bucketArn],
|
|
55
|
-
principals: [new aws_iam_1.OrganizationPrincipal(props.organisationId)]
|
|
56
|
-
}));
|
|
57
|
-
assetBuckets.push(s3bucket);
|
|
58
|
-
}
|
|
59
|
-
// Use region-agnostic S3 URL format
|
|
60
|
-
const templateURL = `https://${props.templateBucket.bucketName}.s3.amazonaws.com/bootstrap/cdk-bootstrap.template.yml`;
|
|
61
|
-
new aws_cdk_lib_1.CfnStackSet(this, "StackSet", {
|
|
62
|
-
permissionModel: "SERVICE_MANAGED",
|
|
63
|
-
stackSetName: `CDKBootstrap-${stack.stackName}`,
|
|
64
|
-
description: "CDK Bootstrap StackSet for organization accounts",
|
|
65
|
-
capabilities: ["CAPABILITY_NAMED_IAM"],
|
|
66
|
-
templateUrl: templateURL,
|
|
67
|
-
autoDeployment: {
|
|
68
|
-
enabled: true,
|
|
69
|
-
retainStacksOnAccountRemoval: false
|
|
70
|
-
},
|
|
71
|
-
callAs: "DELEGATED_ADMIN",
|
|
72
|
-
operationPreferences: {
|
|
73
|
-
regionConcurrencyType: "PARALLEL",
|
|
74
|
-
maxConcurrentPercentage: 100,
|
|
75
|
-
failureTolerancePercentage: 10
|
|
76
|
-
},
|
|
77
|
-
stackInstancesGroup: [
|
|
78
|
-
{
|
|
79
|
-
deploymentTargets: {
|
|
80
|
-
accounts: props.orgAccounts
|
|
81
|
-
},
|
|
82
|
-
regions: props.regions
|
|
83
|
-
}
|
|
84
|
-
]
|
|
85
|
-
});
|
|
86
|
-
}
|
|
87
|
-
}
|
|
88
|
-
exports.BootstrapAccounts = BootstrapAccounts;
|
|
89
|
-
//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiYm9vdHN0cmFwQWNjb3VudHMuanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi8uLi8uLi9saWIvY29uZmlnL2F3cy9ib290c3RyYXBBY2NvdW50cy50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiOzs7QUFBQSw2Q0FBdUU7QUFDdkUsMkNBQXVDO0FBQ3ZDLDZCQUE4QjtBQUM5QiwrQ0FBMkM7QUFDM0MsaURBQTZFO0FBQzdFLHFFQUF5RTtBQUN6RSxpREFBeUM7QUFDekMseUJBQXlCO0FBQ3pCLHlCQUF5QjtBQVN6QixNQUFhLGlCQUFrQixTQUFRLHNCQUFTO0lBQzlDLFlBQVksS0FBZ0IsRUFBRSxFQUFVLEVBQUUsS0FBNkI7UUFDckUsS0FBSyxDQUFDLEtBQUssRUFBRSxFQUFFLENBQUMsQ0FBQztRQUVqQixNQUFNLEtBQUssR0FBRyxtQkFBSyxDQUFDLEVBQUUsQ0FBQyxJQUFJLENBQUMsQ0FBQztRQUM3QixJQUFJLE1BQTBCLENBQUM7UUFFL0IsSUFBSSxDQUFDO1lBQ0gsc0NBQXNDO1lBQ3RDLE1BQU0sZUFBZSxHQUFHLElBQUEsd0JBQVEsRUFBQywrQkFBK0IsRUFBRTtnQkFDaEUsUUFBUSxFQUFFLE1BQU07YUFDakIsQ0FBQyxDQUFDO1lBRUgsK0NBQStDO1lBQy9DLE1BQU0sR0FBRyxFQUFFLENBQUMsV0FBVyxDQUFDLElBQUksQ0FBQyxJQUFJLENBQUMsRUFBRSxDQUFDLE1BQU0sRUFBRSxFQUFFLGdCQUFnQixDQUFDLENBQUMsQ0FBQztZQUNsRSxNQUFNLFlBQVksR0FBRyxJQUFJLENBQUMsSUFBSSxDQUFDLE1BQU0sRUFBRSw0QkFBNEIsQ0FBQyxDQUFDO1lBQ3JFLEVBQUUsQ0FBQyxhQUFhLENBQUMsWUFBWSxFQUFFLGVBQWUsQ0FBQyxDQUFDO1lBRWhELHVDQUF1QztZQUN2QyxJQUFJLG9DQUFnQixDQUFDLElBQUksRUFBRSx5QkFBeUIsRUFBRTtnQkFDcEQsT0FBTyxFQUFFLENBQUMsMEJBQU0sQ0FBQyxLQUFLLENBQUMsTUFBTSxDQUFDLENBQUM7Z0JBQy9CLGlCQUFpQixFQUFFLEtBQUssQ0FBQyxjQUFjO2dCQUN2QyxvQkFBb0IsRUFBRSxXQUFXO2dCQUNqQyxjQUFjLEVBQUUsS0FBSzthQUN0QixDQUFDLENBQUM7UUFDTCxDQUFDO1FBQUMsT0FBTyxLQUFLLEVBQUUsQ0FBQztZQUNmLE1BQU0sSUFBSSxLQUFLLENBQUMsOENBQThDLEtBQUssRUFBRSxDQUFDLENBQUM7UUFDekUsQ0FBQztnQkFBUyxDQUFDO1lBQ1QsK0JBQStCO1lBQy9CLElBQUksTUFBTSxJQUFJLEVBQUUsQ0FBQyxVQUFVLENBQUMsTUFBTSxDQUFDLEVBQUUsQ0FBQztnQkFDcEMsRUFBRSxDQUFDLE1BQU0sQ0FBQyxNQUFNLEVBQUUsRUFBRSxTQUFTLEVBQUUsSUFBSSxFQUFFLEtBQUssRUFBRSxJQUFJLEVBQUUsQ0FBQyxDQUFDO1lBQ3RELENBQUM7UUFDSCxDQUFDO1FBRUQsMkRBQTJEO1FBQzNELE1BQU0sWUFBWSxHQUFHLHVCQUF1QixDQUFDO1FBQzdDLE1BQU0sWUFBWSxHQUFlLEVBQUUsQ0FBQztRQUVwQyxLQUFLLE1BQU0sTUFBTSxJQUFJLEtBQUssQ0FBQyxPQUFPLEVBQUUsQ0FBQztZQUNuQyxNQUFNLFFBQVEsR0FBRyxJQUFJLG9CQUFRLENBQUMsSUFBSSxFQUFFLGNBQWMsTUFBTSxFQUFFLEVBQUU7Z0JBQzFELFVBQVUsRUFBRSxHQUFHLFlBQVksSUFBSSxNQUFNLElBQUksS0FBSyxDQUFDLE9BQU8sRUFBRTthQUN6RCxDQUFDLENBQUM7WUFFSCwrQ0FBK0M7WUFDL0MsUUFBUSxDQUFDLG1CQUFtQixDQUMxQixJQUFJLHlCQUFlLENBQUM7Z0JBQ2xCLE9BQU8sRUFBRSxDQUFDLFNBQVMsRUFBRSxVQUFVLENBQUM7Z0JBQ2hDLFNBQVMsRUFBRSxDQUFDLFFBQVEsQ0FBQyxhQUFhLENBQUMsR0FBRyxDQUFDLEVBQUUsUUFBUSxDQUFDLFNBQVMsQ0FBQztnQkFDNUQsVUFBVSxFQUFFLENBQUMsSUFBSSwrQkFBcUIsQ0FBQyxLQUFLLENBQUMsY0FBYyxDQUFDLENBQUM7YUFDOUQsQ0FBQyxDQUNILENBQUM7WUFFRixZQUFZLENBQUMsSUFBSSxDQUFDLFFBQVEsQ0FBQyxDQUFDO1FBQzlCLENBQUM7UUFFRCxvQ0FBb0M7UUFDcEMsTUFBTSxXQUFXLEdBQUcsV0FBVyxLQUFLLENBQUMsY0FBYyxDQUFDLFVBQVUsd0RBQXdELENBQUM7UUFFdkgsSUFBSSx5QkFBVyxDQUFDLElBQUksRUFBRSxVQUFVLEVBQUU7WUFDaEMsZUFBZSxFQUFFLGlCQUFpQjtZQUNsQyxZQUFZLEVBQUUsZ0JBQWdCLEtBQUssQ0FBQyxTQUFTLEVBQUU7WUFDL0MsV0FBVyxFQUFFLGtEQUFrRDtZQUMvRCxZQUFZLEVBQUUsQ0FBQyxzQkFBc0IsQ0FBQztZQUN0QyxXQUFXLEVBQUUsV0FBVztZQUN4QixjQUFjLEVBQUU7Z0JBQ2QsT0FBTyxFQUFFLElBQUk7Z0JBQ2IsNEJBQTRCLEVBQUUsS0FBSzthQUNwQztZQUNELE1BQU0sRUFBRSxpQkFBaUI7WUFDekIsb0JBQW9CLEVBQUU7Z0JBQ3BCLHFCQUFxQixFQUFFLFVBQVU7Z0JBQ2pDLHVCQUF1QixFQUFFLEdBQUc7Z0JBQzVCLDBCQUEwQixFQUFFLEVBQUU7YUFDL0I7WUFDRCxtQkFBbUIsRUFBRTtnQkFDbkI7b0JBQ0UsaUJBQWlCLEVBQUU7d0JBQ2pCLFFBQVEsRUFBRSxLQUFLLENBQUMsV0FBVztxQkFDNUI7b0JBQ0QsT0FBTyxFQUFFLEtBQUssQ0FBQyxPQUFPO2lCQUN2QjthQUNGO1NBQ0YsQ0FBQyxDQUFDO0lBQ0wsQ0FBQztDQUNGO0FBcEZELDhDQW9GQyIsInNvdXJjZXNDb250ZW50IjpbImltcG9ydCB7IENmblN0YWNrLCBTdGFjaywgU3RhY2tQcm9wcywgQ2ZuU3RhY2tTZXQgfSBmcm9tIFwiYXdzLWNkay1saWJcIjtcbmltcG9ydCB7IENvbnN0cnVjdCB9IGZyb20gXCJjb25zdHJ1Y3RzXCI7XG5pbXBvcnQgcGF0aCA9IHJlcXVpcmUoXCJwYXRoXCIpO1xuaW1wb3J0IHsgUzNCdWNrZXQgfSBmcm9tIFwiLi4vLi4vcmVzb3VyY2VzXCI7XG5pbXBvcnQgeyBPcmdhbml6YXRpb25QcmluY2lwYWwsIFBvbGljeVN0YXRlbWVudCB9IGZyb20gXCJhd3MtY2RrLWxpYi9hd3MtaWFtXCI7XG5pbXBvcnQgeyBCdWNrZXREZXBsb3ltZW50LCBTb3VyY2UgfSBmcm9tIFwiYXdzLWNkay1saWIvYXdzLXMzLWRlcGxveW1lbnRcIjtcbmltcG9ydCB7IGV4ZWNTeW5jIH0gZnJvbSBcImNoaWxkX3Byb2Nlc3NcIjtcbmltcG9ydCAqIGFzIGZzIGZyb20gXCJmc1wiO1xuaW1wb3J0ICogYXMgb3MgZnJvbSBcIm9zXCI7XG5cbmludGVyZmFjZSBCb290c3RyYXBBY2NvdW50c1Byb3BzIHtcbiAgb3JnQWNjb3VudHM6IHN0cmluZ1tdO1xuICByZWdpb25zOiBzdHJpbmdbXTtcbiAgdGVtcGxhdGVCdWNrZXQ6IFMzQnVja2V0O1xuICBvcmdhbmlzYXRpb25JZDogc3RyaW5nO1xufVxuXG5leHBvcnQgY2xhc3MgQm9vdHN0cmFwQWNjb3VudHMgZXh0ZW5kcyBDb25zdHJ1Y3Qge1xuICBjb25zdHJ1Y3RvcihzY29wZTogQ29uc3RydWN0LCBpZDogc3RyaW5nLCBwcm9wczogQm9vdHN0cmFwQWNjb3VudHNQcm9wcykge1xuICAgIHN1cGVyKHNjb3BlLCBpZCk7XG5cbiAgICBjb25zdCBzdGFjayA9IFN0YWNrLm9mKHRoaXMpO1xuICAgIGxldCB0bXBEaXI6IHN0cmluZyB8IHVuZGVmaW5lZDtcblxuICAgIHRyeSB7XG4gICAgICAvLyBHZW5lcmF0ZSB0aGUgQ0RLIGJvb3RzdHJhcCB0ZW1wbGF0ZVxuICAgICAgY29uc3QgdGVtcGxhdGVDb250ZW50ID0gZXhlY1N5bmMoYGNkayBib290c3RyYXAgLS1zaG93LXRlbXBsYXRlYCwge1xuICAgICAgICBlbmNvZGluZzogXCJ1dGY4XCJcbiAgICAgIH0pO1xuXG4gICAgICAvLyBDcmVhdGUgYSB0ZW1wb3JhcnkgZmlsZSB0byBob2xkIHRoZSB0ZW1wbGF0ZVxuICAgICAgdG1wRGlyID0gZnMubWtkdGVtcFN5bmMocGF0aC5qb2luKG9zLnRtcGRpcigpLCBcImNkay1ib290c3RyYXAtXCIpKTtcbiAgICAgIGNvbnN0IHRlbXBsYXRlUGF0aCA9IHBhdGguam9pbih0bXBEaXIsIFwiY2RrLWJvb3RzdHJhcC50ZW1wbGF0ZS55bWxcIik7XG4gICAgICBmcy53cml0ZUZpbGVTeW5jKHRlbXBsYXRlUGF0aCwgdGVtcGxhdGVDb250ZW50KTtcblxuICAgICAgLy8gRGVwbG95IHRoZSB0ZW1wbGF0ZSB0byB0aGUgUzMgYnVja2V0XG4gICAgICBuZXcgQnVja2V0RGVwbG95bWVudCh0aGlzLCBcIkRlcGxveUJvb3RzdHJhcFRlbXBsYXRlXCIsIHtcbiAgICAgICAgc291cmNlczogW1NvdXJjZS5hc3NldCh0bXBEaXIpXSxcbiAgICAgICAgZGVzdGluYXRpb25CdWNrZXQ6IHByb3BzLnRlbXBsYXRlQnVja2V0LFxuICAgICAgICBkZXN0aW5hdGlvbktleVByZWZpeDogXCJib290c3RyYXBcIixcbiAgICAgICAgcmV0YWluT25EZWxldGU6IGZhbHNlXG4gICAgICB9KTtcbiAgICB9IGNhdGNoIChlcnJvcikge1xuICAgICAgdGhyb3cgbmV3IEVycm9yKGBGYWlsZWQgdG8gZ2VuZXJhdGUgQ0RLIGJvb3RzdHJhcCB0ZW1wbGF0ZTogJHtlcnJvcn1gKTtcbiAgICB9IGZpbmFsbHkge1xuICAgICAgLy8gQ2xlYW4gdXAgdGVtcG9yYXJ5IGRpcmVjdG9yeVxuICAgICAgaWYgKHRtcERpciAmJiBmcy5leGlzdHNTeW5jKHRtcERpcikpIHtcbiAgICAgICAgZnMucm1TeW5jKHRtcERpciwgeyByZWN1cnNpdmU6IHRydWUsIGZvcmNlOiB0cnVlIH0pO1xuICAgICAgfVxuICAgIH1cblxuICAgIC8vIERlcGxveSBhIGJ1Y2tldCBmb3IgZWFjaCByZWdpb24gdG8gc3RvcmUgU3RhY2tTZXQgYXNzZXRzXG4gICAgY29uc3QgYnVja2V0UHJlZml4ID0gXCJmamFsbC1zdGFja3NldC1hc3NldHNcIjtcbiAgICBjb25zdCBhc3NldEJ1Y2tldHM6IFMzQnVja2V0W10gPSBbXTtcblxuICAgIGZvciAoY29uc3QgcmVnaW9uIG9mIHByb3BzLnJlZ2lvbnMpIHtcbiAgICAgIGNvbnN0IHMzYnVja2V0ID0gbmV3IFMzQnVja2V0KHRoaXMsIGBBc3NldEJ1Y2tldCR7cmVnaW9ufWAsIHtcbiAgICAgICAgYnVja2V0TmFtZTogYCR7YnVja2V0UHJlZml4fS0ke3JlZ2lvbn0tJHtzdGFjay5hY2NvdW50fWBcbiAgICAgIH0pO1xuXG4gICAgICAvLyBHcmFudCByZWFkIGFjY2VzcyB0byB0aGUgZW50aXJlIG9yZ2FuaXNhdGlvblxuICAgICAgczNidWNrZXQuYWRkVG9SZXNvdXJjZVBvbGljeShcbiAgICAgICAgbmV3IFBvbGljeVN0YXRlbWVudCh7XG4gICAgICAgICAgYWN0aW9uczogW1wiczM6R2V0KlwiLCBcInMzOkxpc3QqXCJdLFxuICAgICAgICAgIHJlc291cmNlczogW3MzYnVja2V0LmFybkZvck9iamVjdHMoXCIqXCIpLCBzM2J1Y2tldC5idWNrZXRBcm5dLFxuICAgICAgICAgIHByaW5jaXBhbHM6IFtuZXcgT3JnYW5pemF0aW9uUHJpbmNpcGFsKHByb3BzLm9yZ2FuaXNhdGlvbklkKV1cbiAgICAgICAgfSlcbiAgICAgICk7XG5cbiAgICAgIGFzc2V0QnVja2V0cy5wdXNoKHMzYnVja2V0KTtcbiAgICB9XG5cbiAgICAvLyBVc2UgcmVnaW9uLWFnbm9zdGljIFMzIFVSTCBmb3JtYXRcbiAgICBjb25zdCB0ZW1wbGF0ZVVSTCA9IGBodHRwczovLyR7cHJvcHMudGVtcGxhdGVCdWNrZXQuYnVja2V0TmFtZX0uczMuYW1hem9uYXdzLmNvbS9ib290c3RyYXAvY2RrLWJvb3RzdHJhcC50ZW1wbGF0ZS55bWxgO1xuXG4gICAgbmV3IENmblN0YWNrU2V0KHRoaXMsIFwiU3RhY2tTZXRcIiwge1xuICAgICAgcGVybWlzc2lvbk1vZGVsOiBcIlNFUlZJQ0VfTUFOQUdFRFwiLFxuICAgICAgc3RhY2tTZXROYW1lOiBgQ0RLQm9vdHN0cmFwLSR7c3RhY2suc3RhY2tOYW1lfWAsXG4gICAgICBkZXNjcmlwdGlvbjogXCJDREsgQm9vdHN0cmFwIFN0YWNrU2V0IGZvciBvcmdhbml6YXRpb24gYWNjb3VudHNcIixcbiAgICAgIGNhcGFiaWxpdGllczogW1wiQ0FQQUJJTElUWV9OQU1FRF9JQU1cIl0sXG4gICAgICB0ZW1wbGF0ZVVybDogdGVtcGxhdGVVUkwsXG4gICAgICBhdXRvRGVwbG95bWVudDoge1xuICAgICAgICBlbmFibGVkOiB0cnVlLFxuICAgICAgICByZXRhaW5TdGFja3NPbkFjY291bnRSZW1vdmFsOiBmYWxzZVxuICAgICAgfSxcbiAgICAgIGNhbGxBczogXCJERUxFR0FURURfQURNSU5cIixcbiAgICAgIG9wZXJhdGlvblByZWZlcmVuY2VzOiB7XG4gICAgICAgIHJlZ2lvbkNvbmN1cnJlbmN5VHlwZTogXCJQQVJBTExFTFwiLFxuICAgICAgICBtYXhDb25jdXJyZW50UGVyY2VudGFnZTogMTAwLFxuICAgICAgICBmYWlsdXJlVG9sZXJhbmNlUGVyY2VudGFnZTogMTBcbiAgICAgIH0sXG4gICAgICBzdGFja0luc3RhbmNlc0dyb3VwOiBbXG4gICAgICAgIHtcbiAgICAgICAgICBkZXBsb3ltZW50VGFyZ2V0czoge1xuICAgICAgICAgICAgYWNjb3VudHM6IHByb3BzLm9yZ0FjY291bnRzXG4gICAgICAgICAgfSxcbiAgICAgICAgICByZWdpb25zOiBwcm9wcy5yZWdpb25zXG4gICAgICAgIH1cbiAgICAgIF1cbiAgICB9KTtcbiAgfVxufVxuIl19
|
|
@@ -1,15 +0,0 @@
|
|
|
1
|
-
import { Construct } from "constructs";
|
|
2
|
-
import { S3Bucket } from "../../resources";
|
|
3
|
-
interface MultiRegionStackSetProps {
|
|
4
|
-
orgAccounts: string[];
|
|
5
|
-
regions: string[];
|
|
6
|
-
templateBucket: S3Bucket;
|
|
7
|
-
organisationId: string;
|
|
8
|
-
}
|
|
9
|
-
export declare class MultiRegionStackSetExample extends Construct {
|
|
10
|
-
constructor(scope: Construct, id: string, props: MultiRegionStackSetProps);
|
|
11
|
-
}
|
|
12
|
-
export declare class AlternativeMultiRegionApproach extends Construct {
|
|
13
|
-
constructor(scope: Construct, id: string, props: MultiRegionStackSetProps);
|
|
14
|
-
}
|
|
15
|
-
export {};
|
|
@@ -1,105 +0,0 @@
|
|
|
1
|
-
"use strict";
|
|
2
|
-
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
-
exports.AlternativeMultiRegionApproach = exports.MultiRegionStackSetExample = void 0;
|
|
4
|
-
const aws_cdk_lib_1 = require("aws-cdk-lib");
|
|
5
|
-
const constructs_1 = require("constructs");
|
|
6
|
-
const resources_1 = require("../../resources");
|
|
7
|
-
const aws_iam_1 = require("aws-cdk-lib/aws-iam");
|
|
8
|
-
const lambda = require("aws-cdk-lib/aws-lambda");
|
|
9
|
-
const s3_deployment = require("aws-cdk-lib/aws-s3-deployment");
|
|
10
|
-
class MultiRegionStackSetExample extends constructs_1.Construct {
|
|
11
|
-
constructor(scope, id, props) {
|
|
12
|
-
super(scope, id);
|
|
13
|
-
const stack = aws_cdk_lib_1.Stack.of(this);
|
|
14
|
-
// Step 1: Create asset buckets for each region
|
|
15
|
-
const bucketPrefix = "fjall-stackset-assets";
|
|
16
|
-
const assetBuckets = {};
|
|
17
|
-
for (const region of props.regions) {
|
|
18
|
-
const bucket = new resources_1.S3Bucket(this, `AssetBucket${region}`, {
|
|
19
|
-
bucketName: `${bucketPrefix}-${region}-${stack.account}`
|
|
20
|
-
});
|
|
21
|
-
// Grant read access to the entire organisation
|
|
22
|
-
bucket.addToResourcePolicy(new aws_iam_1.PolicyStatement({
|
|
23
|
-
actions: ["s3:Get*", "s3:List*"],
|
|
24
|
-
resources: [bucket.arnForObjects("*"), bucket.bucketArn],
|
|
25
|
-
principals: [new aws_iam_1.OrganizationPrincipal(props.organisationId)]
|
|
26
|
-
}));
|
|
27
|
-
assetBuckets[region] = bucket;
|
|
28
|
-
}
|
|
29
|
-
// Step 2: Create a separate stack for the StackSet template
|
|
30
|
-
const templateStack = new aws_cdk_lib_1.Stack(this, "TemplateStack");
|
|
31
|
-
// Step 3: Create a mapping for asset buckets by region
|
|
32
|
-
const bucketMapping = new aws_cdk_lib_1.CfnMapping(templateStack, "AssetBuckets", {
|
|
33
|
-
mapping: Object.fromEntries(props.regions.map((region) => [
|
|
34
|
-
region,
|
|
35
|
-
{ BucketName: `${bucketPrefix}-${region}-${stack.account}` }
|
|
36
|
-
]))
|
|
37
|
-
});
|
|
38
|
-
// Step 4: Example Lambda function that uses region-specific assets
|
|
39
|
-
new lambda.CfnFunction(templateStack, "ExampleFunction", {
|
|
40
|
-
runtime: "nodejs18.x",
|
|
41
|
-
handler: "index.handler",
|
|
42
|
-
role: "arn:aws:iam::123456789012:role/lambda-role", // This would be created separately
|
|
43
|
-
code: {
|
|
44
|
-
s3Bucket: bucketMapping.findInMap(aws_cdk_lib_1.Fn.ref("AWS::Region"), "BucketName"),
|
|
45
|
-
s3Key: "lambda-code.zip"
|
|
46
|
-
}
|
|
47
|
-
// ... other properties
|
|
48
|
-
});
|
|
49
|
-
// Step 5: Deploy assets to each region's bucket
|
|
50
|
-
for (const [region, bucket] of Object.entries(assetBuckets)) {
|
|
51
|
-
new s3_deployment.BucketDeployment(this, `AssetDeployment${region}`, {
|
|
52
|
-
sources: [s3_deployment.Source.asset("./lambda-code")],
|
|
53
|
-
destinationBucket: bucket,
|
|
54
|
-
destinationKeyPrefix: "/"
|
|
55
|
-
// Note: BucketDeployment doesn't support region parameter
|
|
56
|
-
// Assets are deployed to the bucket's region automatically
|
|
57
|
-
});
|
|
58
|
-
}
|
|
59
|
-
// Step 6: Synthesize the template and upload it
|
|
60
|
-
// Note: This is conceptual - in practice you'd need to:
|
|
61
|
-
// 1. Use a separate CDK app to synthesize the template
|
|
62
|
-
// 2. Upload it to S3
|
|
63
|
-
// 3. Reference it via templateUrl
|
|
64
|
-
// For now, we'll use a placeholder
|
|
65
|
-
// Step 7: Create the StackSet
|
|
66
|
-
new aws_cdk_lib_1.CfnStackSet(this, "StackSet", {
|
|
67
|
-
permissionModel: "SERVICE_MANAGED",
|
|
68
|
-
stackSetName: `MultiRegionStackSet-${stack.stackName}`,
|
|
69
|
-
capabilities: ["CAPABILITY_NAMED_IAM"],
|
|
70
|
-
templateUrl: `https://${props.templateBucket.bucketName}.s3.amazonaws.com/stackset-template.json`,
|
|
71
|
-
autoDeployment: {
|
|
72
|
-
enabled: true,
|
|
73
|
-
retainStacksOnAccountRemoval: false
|
|
74
|
-
},
|
|
75
|
-
callAs: "DELEGATED_ADMIN",
|
|
76
|
-
operationPreferences: {
|
|
77
|
-
regionConcurrencyType: "PARALLEL",
|
|
78
|
-
maxConcurrentPercentage: 100,
|
|
79
|
-
failureTolerancePercentage: 10
|
|
80
|
-
},
|
|
81
|
-
stackInstancesGroup: [
|
|
82
|
-
{
|
|
83
|
-
deploymentTargets: {
|
|
84
|
-
accounts: props.orgAccounts
|
|
85
|
-
},
|
|
86
|
-
regions: props.regions
|
|
87
|
-
}
|
|
88
|
-
]
|
|
89
|
-
});
|
|
90
|
-
}
|
|
91
|
-
}
|
|
92
|
-
exports.MultiRegionStackSetExample = MultiRegionStackSetExample;
|
|
93
|
-
// Alternative approach using CDK Pipelines for multi-region deployment
|
|
94
|
-
class AlternativeMultiRegionApproach extends constructs_1.Construct {
|
|
95
|
-
constructor(scope, id, props) {
|
|
96
|
-
super(scope, id);
|
|
97
|
-
// For complex multi-region deployments with assets, consider:
|
|
98
|
-
// 1. Using CDK Pipelines instead of StackSets
|
|
99
|
-
// 2. Creating separate stacks per region/account
|
|
100
|
-
// 3. Using AWS CodePipeline to orchestrate deployments
|
|
101
|
-
// This gives you better control over asset handling and deployment order
|
|
102
|
-
}
|
|
103
|
-
}
|
|
104
|
-
exports.AlternativeMultiRegionApproach = AlternativeMultiRegionApproach;
|
|
105
|
-
//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiYm9vdHN0cmFwTXVsdGlSZWdpb24uZXhhbXBsZS5qcyIsInNvdXJjZVJvb3QiOiIiLCJzb3VyY2VzIjpbIi4uLy4uLy4uLy4uL2xpYi9jb25maWcvYXdzL2Jvb3RzdHJhcE11bHRpUmVnaW9uLmV4YW1wbGUudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6Ijs7O0FBQUEsNkNBQWlFO0FBQ2pFLDJDQUF1QztBQUN2QywrQ0FBMkM7QUFDM0MsaURBQTZFO0FBQzdFLGlEQUFpRDtBQUNqRCwrREFBK0Q7QUFTL0QsTUFBYSwwQkFBMkIsU0FBUSxzQkFBUztJQUN2RCxZQUFZLEtBQWdCLEVBQUUsRUFBVSxFQUFFLEtBQStCO1FBQ3ZFLEtBQUssQ0FBQyxLQUFLLEVBQUUsRUFBRSxDQUFDLENBQUM7UUFFakIsTUFBTSxLQUFLLEdBQUcsbUJBQUssQ0FBQyxFQUFFLENBQUMsSUFBSSxDQUFDLENBQUM7UUFFN0IsK0NBQStDO1FBQy9DLE1BQU0sWUFBWSxHQUFHLHVCQUF1QixDQUFDO1FBQzdDLE1BQU0sWUFBWSxHQUFtQyxFQUFFLENBQUM7UUFFeEQsS0FBSyxNQUFNLE1BQU0sSUFBSSxLQUFLLENBQUMsT0FBTyxFQUFFLENBQUM7WUFDbkMsTUFBTSxNQUFNLEdBQUcsSUFBSSxvQkFBUSxDQUFDLElBQUksRUFBRSxjQUFjLE1BQU0sRUFBRSxFQUFFO2dCQUN4RCxVQUFVLEVBQUUsR0FBRyxZQUFZLElBQUksTUFBTSxJQUFJLEtBQUssQ0FBQyxPQUFPLEVBQUU7YUFDekQsQ0FBQyxDQUFDO1lBRUgsK0NBQStDO1lBQy9DLE1BQU0sQ0FBQyxtQkFBbUIsQ0FDeEIsSUFBSSx5QkFBZSxDQUFDO2dCQUNsQixPQUFPLEVBQUUsQ0FBQyxTQUFTLEVBQUUsVUFBVSxDQUFDO2dCQUNoQyxTQUFTLEVBQUUsQ0FBQyxNQUFNLENBQUMsYUFBYSxDQUFDLEdBQUcsQ0FBQyxFQUFFLE1BQU0sQ0FBQyxTQUFTLENBQUM7Z0JBQ3hELFVBQVUsRUFBRSxDQUFDLElBQUksK0JBQXFCLENBQUMsS0FBSyxDQUFDLGNBQWMsQ0FBQyxDQUFDO2FBQzlELENBQUMsQ0FDSCxDQUFDO1lBRUYsWUFBWSxDQUFDLE1BQU0sQ0FBQyxHQUFHLE1BQU0sQ0FBQztRQUNoQyxDQUFDO1FBRUQsNERBQTREO1FBQzVELE1BQU0sYUFBYSxHQUFHLElBQUksbUJBQUssQ0FBQyxJQUFJLEVBQUUsZUFBZSxDQUFDLENBQUM7UUFFdkQsdURBQXVEO1FBQ3ZELE1BQU0sYUFBYSxHQUFHLElBQUksd0JBQVUsQ0FBQyxhQUFhLEVBQUUsY0FBYyxFQUFFO1lBQ2xFLE9BQU8sRUFBRSxNQUFNLENBQUMsV0FBVyxDQUN6QixLQUFLLENBQUMsT0FBTyxDQUFDLEdBQUcsQ0FBQyxDQUFDLE1BQU0sRUFBRSxFQUFFLENBQUM7Z0JBQzVCLE1BQU07Z0JBQ04sRUFBRSxVQUFVLEVBQUUsR0FBRyxZQUFZLElBQUksTUFBTSxJQUFJLEtBQUssQ0FBQyxPQUFPLEVBQUUsRUFBRTthQUM3RCxDQUFDLENBQ0g7U0FDRixDQUFDLENBQUM7UUFFSCxtRUFBbUU7UUFDbkUsSUFBSSxNQUFNLENBQUMsV0FBVyxDQUFDLGFBQWEsRUFBRSxpQkFBaUIsRUFBRTtZQUN2RCxPQUFPLEVBQUUsWUFBWTtZQUNyQixPQUFPLEVBQUUsZUFBZTtZQUN4QixJQUFJLEVBQUUsNENBQTRDLEVBQUUsbUNBQW1DO1lBQ3ZGLElBQUksRUFBRTtnQkFDSixRQUFRLEVBQUUsYUFBYSxDQUFDLFNBQVMsQ0FBQyxnQkFBRSxDQUFDLEdBQUcsQ0FBQyxhQUFhLENBQUMsRUFBRSxZQUFZLENBQUM7Z0JBQ3RFLEtBQUssRUFBRSxpQkFBaUI7YUFDekI7WUFDRCx1QkFBdUI7U0FDeEIsQ0FBQyxDQUFDO1FBRUgsZ0RBQWdEO1FBQ2hELEtBQUssTUFBTSxDQUFDLE1BQU0sRUFBRSxNQUFNLENBQUMsSUFBSSxNQUFNLENBQUMsT0FBTyxDQUFDLFlBQVksQ0FBQyxFQUFFLENBQUM7WUFDNUQsSUFBSSxhQUFhLENBQUMsZ0JBQWdCLENBQUMsSUFBSSxFQUFFLGtCQUFrQixNQUFNLEVBQUUsRUFBRTtnQkFDbkUsT0FBTyxFQUFFLENBQUMsYUFBYSxDQUFDLE1BQU0sQ0FBQyxLQUFLLENBQUMsZUFBZSxDQUFDLENBQUM7Z0JBQ3RELGlCQUFpQixFQUFFLE1BQU07Z0JBQ3pCLG9CQUFvQixFQUFFLEdBQUc7Z0JBQ3pCLDBEQUEwRDtnQkFDMUQsMkRBQTJEO2FBQzVELENBQUMsQ0FBQztRQUNMLENBQUM7UUFFRCxnREFBZ0Q7UUFDaEQsd0RBQXdEO1FBQ3hELHVEQUF1RDtRQUN2RCxxQkFBcUI7UUFDckIsa0NBQWtDO1FBQ2xDLG1DQUFtQztRQUVuQyw4QkFBOEI7UUFDOUIsSUFBSSx5QkFBVyxDQUFDLElBQUksRUFBRSxVQUFVLEVBQUU7WUFDaEMsZUFBZSxFQUFFLGlCQUFpQjtZQUNsQyxZQUFZLEVBQUUsdUJBQXVCLEtBQUssQ0FBQyxTQUFTLEVBQUU7WUFDdEQsWUFBWSxFQUFFLENBQUMsc0JBQXNCLENBQUM7WUFDdEMsV0FBVyxFQUFFLFdBQVcsS0FBSyxDQUFDLGNBQWMsQ0FBQyxVQUFVLDBDQUEwQztZQUNqRyxjQUFjLEVBQUU7Z0JBQ2QsT0FBTyxFQUFFLElBQUk7Z0JBQ2IsNEJBQTRCLEVBQUUsS0FBSzthQUNwQztZQUNELE1BQU0sRUFBRSxpQkFBaUI7WUFDekIsb0JBQW9CLEVBQUU7Z0JBQ3BCLHFCQUFxQixFQUFFLFVBQVU7Z0JBQ2pDLHVCQUF1QixFQUFFLEdBQUc7Z0JBQzVCLDBCQUEwQixFQUFFLEVBQUU7YUFDL0I7WUFDRCxtQkFBbUIsRUFBRTtnQkFDbkI7b0JBQ0UsaUJBQWlCLEVBQUU7d0JBQ2pCLFFBQVEsRUFBRSxLQUFLLENBQUMsV0FBVztxQkFDNUI7b0JBQ0QsT0FBTyxFQUFFLEtBQUssQ0FBQyxPQUFPO2lCQUN2QjthQUNGO1NBQ0YsQ0FBQyxDQUFDO0lBQ0wsQ0FBQztDQUNGO0FBaEdELGdFQWdHQztBQUVELHVFQUF1RTtBQUN2RSxNQUFhLDhCQUErQixTQUFRLHNCQUFTO0lBQzNELFlBQVksS0FBZ0IsRUFBRSxFQUFVLEVBQUUsS0FBK0I7UUFDdkUsS0FBSyxDQUFDLEtBQUssRUFBRSxFQUFFLENBQUMsQ0FBQztRQUVqQiw4REFBOEQ7UUFDOUQsOENBQThDO1FBQzlDLGlEQUFpRDtRQUNqRCx1REFBdUQ7UUFFdkQseUVBQXlFO0lBQzNFLENBQUM7Q0FDRjtBQVhELHdFQVdDIiwic291cmNlc0NvbnRlbnQiOlsiaW1wb3J0IHsgU3RhY2ssIENmblN0YWNrU2V0LCBDZm5NYXBwaW5nLCBGbiB9IGZyb20gXCJhd3MtY2RrLWxpYlwiO1xuaW1wb3J0IHsgQ29uc3RydWN0IH0gZnJvbSBcImNvbnN0cnVjdHNcIjtcbmltcG9ydCB7IFMzQnVja2V0IH0gZnJvbSBcIi4uLy4uL3Jlc291cmNlc1wiO1xuaW1wb3J0IHsgT3JnYW5pemF0aW9uUHJpbmNpcGFsLCBQb2xpY3lTdGF0ZW1lbnQgfSBmcm9tIFwiYXdzLWNkay1saWIvYXdzLWlhbVwiO1xuaW1wb3J0ICogYXMgbGFtYmRhIGZyb20gXCJhd3MtY2RrLWxpYi9hd3MtbGFtYmRhXCI7XG5pbXBvcnQgKiBhcyBzM19kZXBsb3ltZW50IGZyb20gXCJhd3MtY2RrLWxpYi9hd3MtczMtZGVwbG95bWVudFwiO1xuXG5pbnRlcmZhY2UgTXVsdGlSZWdpb25TdGFja1NldFByb3BzIHtcbiAgb3JnQWNjb3VudHM6IHN0cmluZ1tdO1xuICByZWdpb25zOiBzdHJpbmdbXTtcbiAgdGVtcGxhdGVCdWNrZXQ6IFMzQnVja2V0O1xuICBvcmdhbmlzYXRpb25JZDogc3RyaW5nO1xufVxuXG5leHBvcnQgY2xhc3MgTXVsdGlSZWdpb25TdGFja1NldEV4YW1wbGUgZXh0ZW5kcyBDb25zdHJ1Y3Qge1xuICBjb25zdHJ1Y3RvcihzY29wZTogQ29uc3RydWN0LCBpZDogc3RyaW5nLCBwcm9wczogTXVsdGlSZWdpb25TdGFja1NldFByb3BzKSB7XG4gICAgc3VwZXIoc2NvcGUsIGlkKTtcblxuICAgIGNvbnN0IHN0YWNrID0gU3RhY2sub2YodGhpcyk7XG5cbiAgICAvLyBTdGVwIDE6IENyZWF0ZSBhc3NldCBidWNrZXRzIGZvciBlYWNoIHJlZ2lvblxuICAgIGNvbnN0IGJ1Y2tldFByZWZpeCA9IFwiZmphbGwtc3RhY2tzZXQtYXNzZXRzXCI7XG4gICAgY29uc3QgYXNzZXRCdWNrZXRzOiB7IFtyZWdpb246IHN0cmluZ106IFMzQnVja2V0IH0gPSB7fTtcblxuICAgIGZvciAoY29uc3QgcmVnaW9uIG9mIHByb3BzLnJlZ2lvbnMpIHtcbiAgICAgIGNvbnN0IGJ1Y2tldCA9IG5ldyBTM0J1Y2tldCh0aGlzLCBgQXNzZXRCdWNrZXQke3JlZ2lvbn1gLCB7XG4gICAgICAgIGJ1Y2tldE5hbWU6IGAke2J1Y2tldFByZWZpeH0tJHtyZWdpb259LSR7c3RhY2suYWNjb3VudH1gXG4gICAgICB9KTtcblxuICAgICAgLy8gR3JhbnQgcmVhZCBhY2Nlc3MgdG8gdGhlIGVudGlyZSBvcmdhbmlzYXRpb25cbiAgICAgIGJ1Y2tldC5hZGRUb1Jlc291cmNlUG9saWN5KFxuICAgICAgICBuZXcgUG9saWN5U3RhdGVtZW50KHtcbiAgICAgICAgICBhY3Rpb25zOiBbXCJzMzpHZXQqXCIsIFwiczM6TGlzdCpcIl0sXG4gICAgICAgICAgcmVzb3VyY2VzOiBbYnVja2V0LmFybkZvck9iamVjdHMoXCIqXCIpLCBidWNrZXQuYnVja2V0QXJuXSxcbiAgICAgICAgICBwcmluY2lwYWxzOiBbbmV3IE9yZ2FuaXphdGlvblByaW5jaXBhbChwcm9wcy5vcmdhbmlzYXRpb25JZCldXG4gICAgICAgIH0pXG4gICAgICApO1xuXG4gICAgICBhc3NldEJ1Y2tldHNbcmVnaW9uXSA9IGJ1Y2tldDtcbiAgICB9XG5cbiAgICAvLyBTdGVwIDI6IENyZWF0ZSBhIHNlcGFyYXRlIHN0YWNrIGZvciB0aGUgU3RhY2tTZXQgdGVtcGxhdGVcbiAgICBjb25zdCB0ZW1wbGF0ZVN0YWNrID0gbmV3IFN0YWNrKHRoaXMsIFwiVGVtcGxhdGVTdGFja1wiKTtcblxuICAgIC8vIFN0ZXAgMzogQ3JlYXRlIGEgbWFwcGluZyBmb3IgYXNzZXQgYnVja2V0cyBieSByZWdpb25cbiAgICBjb25zdCBidWNrZXRNYXBwaW5nID0gbmV3IENmbk1hcHBpbmcodGVtcGxhdGVTdGFjaywgXCJBc3NldEJ1Y2tldHNcIiwge1xuICAgICAgbWFwcGluZzogT2JqZWN0LmZyb21FbnRyaWVzKFxuICAgICAgICBwcm9wcy5yZWdpb25zLm1hcCgocmVnaW9uKSA9PiBbXG4gICAgICAgICAgcmVnaW9uLFxuICAgICAgICAgIHsgQnVja2V0TmFtZTogYCR7YnVja2V0UHJlZml4fS0ke3JlZ2lvbn0tJHtzdGFjay5hY2NvdW50fWAgfVxuICAgICAgICBdKVxuICAgICAgKVxuICAgIH0pO1xuXG4gICAgLy8gU3RlcCA0OiBFeGFtcGxlIExhbWJkYSBmdW5jdGlvbiB0aGF0IHVzZXMgcmVnaW9uLXNwZWNpZmljIGFzc2V0c1xuICAgIG5ldyBsYW1iZGEuQ2ZuRnVuY3Rpb24odGVtcGxhdGVTdGFjaywgXCJFeGFtcGxlRnVuY3Rpb25cIiwge1xuICAgICAgcnVudGltZTogXCJub2RlanMxOC54XCIsXG4gICAgICBoYW5kbGVyOiBcImluZGV4LmhhbmRsZXJcIixcbiAgICAgIHJvbGU6IFwiYXJuOmF3czppYW06OjEyMzQ1Njc4OTAxMjpyb2xlL2xhbWJkYS1yb2xlXCIsIC8vIFRoaXMgd291bGQgYmUgY3JlYXRlZCBzZXBhcmF0ZWx5XG4gICAgICBjb2RlOiB7XG4gICAgICAgIHMzQnVja2V0OiBidWNrZXRNYXBwaW5nLmZpbmRJbk1hcChGbi5yZWYoXCJBV1M6OlJlZ2lvblwiKSwgXCJCdWNrZXROYW1lXCIpLFxuICAgICAgICBzM0tleTogXCJsYW1iZGEtY29kZS56aXBcIlxuICAgICAgfVxuICAgICAgLy8gLi4uIG90aGVyIHByb3BlcnRpZXNcbiAgICB9KTtcblxuICAgIC8vIFN0ZXAgNTogRGVwbG95IGFzc2V0cyB0byBlYWNoIHJlZ2lvbidzIGJ1Y2tldFxuICAgIGZvciAoY29uc3QgW3JlZ2lvbiwgYnVja2V0XSBvZiBPYmplY3QuZW50cmllcyhhc3NldEJ1Y2tldHMpKSB7XG4gICAgICBuZXcgczNfZGVwbG95bWVudC5CdWNrZXREZXBsb3ltZW50KHRoaXMsIGBBc3NldERlcGxveW1lbnQke3JlZ2lvbn1gLCB7XG4gICAgICAgIHNvdXJjZXM6IFtzM19kZXBsb3ltZW50LlNvdXJjZS5hc3NldChcIi4vbGFtYmRhLWNvZGVcIildLFxuICAgICAgICBkZXN0aW5hdGlvbkJ1Y2tldDogYnVja2V0LFxuICAgICAgICBkZXN0aW5hdGlvbktleVByZWZpeDogXCIvXCJcbiAgICAgICAgLy8gTm90ZTogQnVja2V0RGVwbG95bWVudCBkb2Vzbid0IHN1cHBvcnQgcmVnaW9uIHBhcmFtZXRlclxuICAgICAgICAvLyBBc3NldHMgYXJlIGRlcGxveWVkIHRvIHRoZSBidWNrZXQncyByZWdpb24gYXV0b21hdGljYWxseVxuICAgICAgfSk7XG4gICAgfVxuXG4gICAgLy8gU3RlcCA2OiBTeW50aGVzaXplIHRoZSB0ZW1wbGF0ZSBhbmQgdXBsb2FkIGl0XG4gICAgLy8gTm90ZTogVGhpcyBpcyBjb25jZXB0dWFsIC0gaW4gcHJhY3RpY2UgeW91J2QgbmVlZCB0bzpcbiAgICAvLyAxLiBVc2UgYSBzZXBhcmF0ZSBDREsgYXBwIHRvIHN5bnRoZXNpemUgdGhlIHRlbXBsYXRlXG4gICAgLy8gMi4gVXBsb2FkIGl0IHRvIFMzXG4gICAgLy8gMy4gUmVmZXJlbmNlIGl0IHZpYSB0ZW1wbGF0ZVVybFxuICAgIC8vIEZvciBub3csIHdlJ2xsIHVzZSBhIHBsYWNlaG9sZGVyXG5cbiAgICAvLyBTdGVwIDc6IENyZWF0ZSB0aGUgU3RhY2tTZXRcbiAgICBuZXcgQ2ZuU3RhY2tTZXQodGhpcywgXCJTdGFja1NldFwiLCB7XG4gICAgICBwZXJtaXNzaW9uTW9kZWw6IFwiU0VSVklDRV9NQU5BR0VEXCIsXG4gICAgICBzdGFja1NldE5hbWU6IGBNdWx0aVJlZ2lvblN0YWNrU2V0LSR7c3RhY2suc3RhY2tOYW1lfWAsXG4gICAgICBjYXBhYmlsaXRpZXM6IFtcIkNBUEFCSUxJVFlfTkFNRURfSUFNXCJdLFxuICAgICAgdGVtcGxhdGVVcmw6IGBodHRwczovLyR7cHJvcHMudGVtcGxhdGVCdWNrZXQuYnVja2V0TmFtZX0uczMuYW1hem9uYXdzLmNvbS9zdGFja3NldC10ZW1wbGF0ZS5qc29uYCxcbiAgICAgIGF1dG9EZXBsb3ltZW50OiB7XG4gICAgICAgIGVuYWJsZWQ6IHRydWUsXG4gICAgICAgIHJldGFpblN0YWNrc09uQWNjb3VudFJlbW92YWw6IGZhbHNlXG4gICAgICB9LFxuICAgICAgY2FsbEFzOiBcIkRFTEVHQVRFRF9BRE1JTlwiLFxuICAgICAgb3BlcmF0aW9uUHJlZmVyZW5jZXM6IHtcbiAgICAgICAgcmVnaW9uQ29uY3VycmVuY3lUeXBlOiBcIlBBUkFMTEVMXCIsXG4gICAgICAgIG1heENvbmN1cnJlbnRQZXJjZW50YWdlOiAxMDAsXG4gICAgICAgIGZhaWx1cmVUb2xlcmFuY2VQZXJjZW50YWdlOiAxMFxuICAgICAgfSxcbiAgICAgIHN0YWNrSW5zdGFuY2VzR3JvdXA6IFtcbiAgICAgICAge1xuICAgICAgICAgIGRlcGxveW1lbnRUYXJnZXRzOiB7XG4gICAgICAgICAgICBhY2NvdW50czogcHJvcHMub3JnQWNjb3VudHNcbiAgICAgICAgICB9LFxuICAgICAgICAgIHJlZ2lvbnM6IHByb3BzLnJlZ2lvbnNcbiAgICAgICAgfVxuICAgICAgXVxuICAgIH0pO1xuICB9XG59XG5cbi8vIEFsdGVybmF0aXZlIGFwcHJvYWNoIHVzaW5nIENESyBQaXBlbGluZXMgZm9yIG11bHRpLXJlZ2lvbiBkZXBsb3ltZW50XG5leHBvcnQgY2xhc3MgQWx0ZXJuYXRpdmVNdWx0aVJlZ2lvbkFwcHJvYWNoIGV4dGVuZHMgQ29uc3RydWN0IHtcbiAgY29uc3RydWN0b3Ioc2NvcGU6IENvbnN0cnVjdCwgaWQ6IHN0cmluZywgcHJvcHM6IE11bHRpUmVnaW9uU3RhY2tTZXRQcm9wcykge1xuICAgIHN1cGVyKHNjb3BlLCBpZCk7XG5cbiAgICAvLyBGb3IgY29tcGxleCBtdWx0aS1yZWdpb24gZGVwbG95bWVudHMgd2l0aCBhc3NldHMsIGNvbnNpZGVyOlxuICAgIC8vIDEuIFVzaW5nIENESyBQaXBlbGluZXMgaW5zdGVhZCBvZiBTdGFja1NldHNcbiAgICAvLyAyLiBDcmVhdGluZyBzZXBhcmF0ZSBzdGFja3MgcGVyIHJlZ2lvbi9hY2NvdW50XG4gICAgLy8gMy4gVXNpbmcgQVdTIENvZGVQaXBlbGluZSB0byBvcmNoZXN0cmF0ZSBkZXBsb3ltZW50c1xuXG4gICAgLy8gVGhpcyBnaXZlcyB5b3UgYmV0dGVyIGNvbnRyb2wgb3ZlciBhc3NldCBoYW5kbGluZyBhbmQgZGVwbG95bWVudCBvcmRlclxuICB9XG59XG4iXX0=
|
|
@@ -1,13 +0,0 @@
|
|
|
1
|
-
import { Construct } from "constructs";
|
|
2
|
-
import { S3Bucket } from "../../resources";
|
|
3
|
-
interface BootstrapAccountsProps {
|
|
4
|
-
orgAccounts: string[];
|
|
5
|
-
regions: string[];
|
|
6
|
-
templateBucket: S3Bucket;
|
|
7
|
-
organisationId: string;
|
|
8
|
-
}
|
|
9
|
-
export declare class BootstrapAccountsSelfManaged extends Construct {
|
|
10
|
-
constructor(scope: Construct, id: string, props: BootstrapAccountsProps);
|
|
11
|
-
}
|
|
12
|
-
export declare const SELF_MANAGED_SETUP = "\n# In the administrator account:\naws cloudformation create-stack \\\n --stack-name StackSetAdministrationRole \\\n --template-url https://s3.amazonaws.com/cloudformation-stackset-sample-templates-us-east-1/AWSCloudFormationStackSetAdministrationRole.yml \\\n --capabilities CAPABILITY_NAMED_IAM\n\n# In each target account:\naws cloudformation create-stack \\\n --stack-name StackSetExecutionRole \\\n --template-url https://s3.amazonaws.com/cloudformation-stackset-sample-templates-us-east-1/AWSCloudFormationStackSetExecutionRole.yml \\\n --parameters ParameterKey=AdministratorAccountId,ParameterValue=<ADMIN_ACCOUNT_ID> \\\n --capabilities CAPABILITY_NAMED_IAM\n";
|
|
13
|
-
export {};
|
|
@@ -1,56 +0,0 @@
|
|
|
1
|
-
"use strict";
|
|
2
|
-
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
-
exports.SELF_MANAGED_SETUP = exports.BootstrapAccountsSelfManaged = void 0;
|
|
4
|
-
const aws_cdk_lib_1 = require("aws-cdk-lib");
|
|
5
|
-
const constructs_1 = require("constructs");
|
|
6
|
-
class BootstrapAccountsSelfManaged extends constructs_1.Construct {
|
|
7
|
-
constructor(scope, id, props) {
|
|
8
|
-
super(scope, id);
|
|
9
|
-
const stack = aws_cdk_lib_1.Stack.of(this);
|
|
10
|
-
// For self-managed permissions, you need:
|
|
11
|
-
// 1. AWSCloudFormationStackSetAdministrationRole in the admin account
|
|
12
|
-
// 2. AWSCloudFormationStackSetExecutionRole in each target account
|
|
13
|
-
const templateURL = `https://${props.templateBucket.bucketName}.s3.amazonaws.com/bootstrap/cdk-bootstrap.template.yml`;
|
|
14
|
-
new aws_cdk_lib_1.CfnStackSet(this, "StackSet", {
|
|
15
|
-
permissionModel: "SELF_MANAGED", // Using self-managed permissions
|
|
16
|
-
stackSetName: `CDKBootstrap-${stack.stackName}`,
|
|
17
|
-
description: "CDK Bootstrap StackSet for organization accounts",
|
|
18
|
-
capabilities: ["CAPABILITY_NAMED_IAM"],
|
|
19
|
-
templateUrl: templateURL,
|
|
20
|
-
// No autoDeployment with self-managed permissions
|
|
21
|
-
// No callAs needed with self-managed permissions
|
|
22
|
-
administrationRoleArn: `arn:aws:iam::${stack.account}:role/AWSCloudFormationStackSetAdministrationRole`,
|
|
23
|
-
executionRoleName: "AWSCloudFormationStackSetExecutionRole",
|
|
24
|
-
operationPreferences: {
|
|
25
|
-
regionConcurrencyType: "PARALLEL",
|
|
26
|
-
maxConcurrentPercentage: 100,
|
|
27
|
-
failureTolerancePercentage: 10
|
|
28
|
-
},
|
|
29
|
-
stackInstancesGroup: [
|
|
30
|
-
{
|
|
31
|
-
deploymentTargets: {
|
|
32
|
-
accounts: props.orgAccounts
|
|
33
|
-
},
|
|
34
|
-
regions: props.regions
|
|
35
|
-
}
|
|
36
|
-
]
|
|
37
|
-
});
|
|
38
|
-
}
|
|
39
|
-
}
|
|
40
|
-
exports.BootstrapAccountsSelfManaged = BootstrapAccountsSelfManaged;
|
|
41
|
-
// Script to create the required roles for self-managed permissions
|
|
42
|
-
exports.SELF_MANAGED_SETUP = `
|
|
43
|
-
# In the administrator account:
|
|
44
|
-
aws cloudformation create-stack \\
|
|
45
|
-
--stack-name StackSetAdministrationRole \\
|
|
46
|
-
--template-url https://s3.amazonaws.com/cloudformation-stackset-sample-templates-us-east-1/AWSCloudFormationStackSetAdministrationRole.yml \\
|
|
47
|
-
--capabilities CAPABILITY_NAMED_IAM
|
|
48
|
-
|
|
49
|
-
# In each target account:
|
|
50
|
-
aws cloudformation create-stack \\
|
|
51
|
-
--stack-name StackSetExecutionRole \\
|
|
52
|
-
--template-url https://s3.amazonaws.com/cloudformation-stackset-sample-templates-us-east-1/AWSCloudFormationStackSetExecutionRole.yml \\
|
|
53
|
-
--parameters ParameterKey=AdministratorAccountId,ParameterValue=<ADMIN_ACCOUNT_ID> \\
|
|
54
|
-
--capabilities CAPABILITY_NAMED_IAM
|
|
55
|
-
`;
|
|
56
|
-
//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiYm9vdHN0cmFwU2VsZk1hbmFnZWQuZXhhbXBsZS5qcyIsInNvdXJjZVJvb3QiOiIiLCJzb3VyY2VzIjpbIi4uLy4uLy4uLy4uL2xpYi9jb25maWcvYXdzL2Jvb3RzdHJhcFNlbGZNYW5hZ2VkLmV4YW1wbGUudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6Ijs7O0FBQUEsNkNBQWlEO0FBQ2pELDJDQUF1QztBQVV2QyxNQUFhLDRCQUE2QixTQUFRLHNCQUFTO0lBQ3pELFlBQVksS0FBZ0IsRUFBRSxFQUFVLEVBQUUsS0FBNkI7UUFDckUsS0FBSyxDQUFDLEtBQUssRUFBRSxFQUFFLENBQUMsQ0FBQztRQUVqQixNQUFNLEtBQUssR0FBRyxtQkFBSyxDQUFDLEVBQUUsQ0FBQyxJQUFJLENBQUMsQ0FBQztRQUU3QiwwQ0FBMEM7UUFDMUMsc0VBQXNFO1FBQ3RFLG1FQUFtRTtRQUVuRSxNQUFNLFdBQVcsR0FBRyxXQUFXLEtBQUssQ0FBQyxjQUFjLENBQUMsVUFBVSx3REFBd0QsQ0FBQztRQUV2SCxJQUFJLHlCQUFXLENBQUMsSUFBSSxFQUFFLFVBQVUsRUFBRTtZQUNoQyxlQUFlLEVBQUUsY0FBYyxFQUFFLGlDQUFpQztZQUNsRSxZQUFZLEVBQUUsZ0JBQWdCLEtBQUssQ0FBQyxTQUFTLEVBQUU7WUFDL0MsV0FBVyxFQUFFLGtEQUFrRDtZQUMvRCxZQUFZLEVBQUUsQ0FBQyxzQkFBc0IsQ0FBQztZQUN0QyxXQUFXLEVBQUUsV0FBVztZQUN4QixrREFBa0Q7WUFDbEQsaURBQWlEO1lBQ2pELHFCQUFxQixFQUFFLGdCQUFnQixLQUFLLENBQUMsT0FBTyxtREFBbUQ7WUFDdkcsaUJBQWlCLEVBQUUsd0NBQXdDO1lBQzNELG9CQUFvQixFQUFFO2dCQUNwQixxQkFBcUIsRUFBRSxVQUFVO2dCQUNqQyx1QkFBdUIsRUFBRSxHQUFHO2dCQUM1QiwwQkFBMEIsRUFBRSxFQUFFO2FBQy9CO1lBQ0QsbUJBQW1CLEVBQUU7Z0JBQ25CO29CQUNFLGlCQUFpQixFQUFFO3dCQUNqQixRQUFRLEVBQUUsS0FBSyxDQUFDLFdBQVc7cUJBQzVCO29CQUNELE9BQU8sRUFBRSxLQUFLLENBQUMsT0FBTztpQkFDdkI7YUFDRjtTQUNGLENBQUMsQ0FBQztJQUNMLENBQUM7Q0FDRjtBQXJDRCxvRUFxQ0M7QUFFRCxtRUFBbUU7QUFDdEQsUUFBQSxrQkFBa0IsR0FBRzs7Ozs7Ozs7Ozs7OztDQWFqQyxDQUFDIiwic291cmNlc0NvbnRlbnQiOlsiaW1wb3J0IHsgU3RhY2ssIENmblN0YWNrU2V0IH0gZnJvbSBcImF3cy1jZGstbGliXCI7XG5pbXBvcnQgeyBDb25zdHJ1Y3QgfSBmcm9tIFwiY29uc3RydWN0c1wiO1xuaW1wb3J0IHsgUzNCdWNrZXQgfSBmcm9tIFwiLi4vLi4vcmVzb3VyY2VzXCI7XG5cbmludGVyZmFjZSBCb290c3RyYXBBY2NvdW50c1Byb3BzIHtcbiAgb3JnQWNjb3VudHM6IHN0cmluZ1tdO1xuICByZWdpb25zOiBzdHJpbmdbXTtcbiAgdGVtcGxhdGVCdWNrZXQ6IFMzQnVja2V0O1xuICBvcmdhbmlzYXRpb25JZDogc3RyaW5nO1xufVxuXG5leHBvcnQgY2xhc3MgQm9vdHN0cmFwQWNjb3VudHNTZWxmTWFuYWdlZCBleHRlbmRzIENvbnN0cnVjdCB7XG4gIGNvbnN0cnVjdG9yKHNjb3BlOiBDb25zdHJ1Y3QsIGlkOiBzdHJpbmcsIHByb3BzOiBCb290c3RyYXBBY2NvdW50c1Byb3BzKSB7XG4gICAgc3VwZXIoc2NvcGUsIGlkKTtcblxuICAgIGNvbnN0IHN0YWNrID0gU3RhY2sub2YodGhpcyk7XG5cbiAgICAvLyBGb3Igc2VsZi1tYW5hZ2VkIHBlcm1pc3Npb25zLCB5b3UgbmVlZDpcbiAgICAvLyAxLiBBV1NDbG91ZEZvcm1hdGlvblN0YWNrU2V0QWRtaW5pc3RyYXRpb25Sb2xlIGluIHRoZSBhZG1pbiBhY2NvdW50XG4gICAgLy8gMi4gQVdTQ2xvdWRGb3JtYXRpb25TdGFja1NldEV4ZWN1dGlvblJvbGUgaW4gZWFjaCB0YXJnZXQgYWNjb3VudFxuXG4gICAgY29uc3QgdGVtcGxhdGVVUkwgPSBgaHR0cHM6Ly8ke3Byb3BzLnRlbXBsYXRlQnVja2V0LmJ1Y2tldE5hbWV9LnMzLmFtYXpvbmF3cy5jb20vYm9vdHN0cmFwL2Nkay1ib290c3RyYXAudGVtcGxhdGUueW1sYDtcblxuICAgIG5ldyBDZm5TdGFja1NldCh0aGlzLCBcIlN0YWNrU2V0XCIsIHtcbiAgICAgIHBlcm1pc3Npb25Nb2RlbDogXCJTRUxGX01BTkFHRURcIiwgLy8gVXNpbmcgc2VsZi1tYW5hZ2VkIHBlcm1pc3Npb25zXG4gICAgICBzdGFja1NldE5hbWU6IGBDREtCb290c3RyYXAtJHtzdGFjay5zdGFja05hbWV9YCxcbiAgICAgIGRlc2NyaXB0aW9uOiBcIkNESyBCb290c3RyYXAgU3RhY2tTZXQgZm9yIG9yZ2FuaXphdGlvbiBhY2NvdW50c1wiLFxuICAgICAgY2FwYWJpbGl0aWVzOiBbXCJDQVBBQklMSVRZX05BTUVEX0lBTVwiXSxcbiAgICAgIHRlbXBsYXRlVXJsOiB0ZW1wbGF0ZVVSTCxcbiAgICAgIC8vIE5vIGF1dG9EZXBsb3ltZW50IHdpdGggc2VsZi1tYW5hZ2VkIHBlcm1pc3Npb25zXG4gICAgICAvLyBObyBjYWxsQXMgbmVlZGVkIHdpdGggc2VsZi1tYW5hZ2VkIHBlcm1pc3Npb25zXG4gICAgICBhZG1pbmlzdHJhdGlvblJvbGVBcm46IGBhcm46YXdzOmlhbTo6JHtzdGFjay5hY2NvdW50fTpyb2xlL0FXU0Nsb3VkRm9ybWF0aW9uU3RhY2tTZXRBZG1pbmlzdHJhdGlvblJvbGVgLFxuICAgICAgZXhlY3V0aW9uUm9sZU5hbWU6IFwiQVdTQ2xvdWRGb3JtYXRpb25TdGFja1NldEV4ZWN1dGlvblJvbGVcIixcbiAgICAgIG9wZXJhdGlvblByZWZlcmVuY2VzOiB7XG4gICAgICAgIHJlZ2lvbkNvbmN1cnJlbmN5VHlwZTogXCJQQVJBTExFTFwiLFxuICAgICAgICBtYXhDb25jdXJyZW50UGVyY2VudGFnZTogMTAwLFxuICAgICAgICBmYWlsdXJlVG9sZXJhbmNlUGVyY2VudGFnZTogMTBcbiAgICAgIH0sXG4gICAgICBzdGFja0luc3RhbmNlc0dyb3VwOiBbXG4gICAgICAgIHtcbiAgICAgICAgICBkZXBsb3ltZW50VGFyZ2V0czoge1xuICAgICAgICAgICAgYWNjb3VudHM6IHByb3BzLm9yZ0FjY291bnRzXG4gICAgICAgICAgfSxcbiAgICAgICAgICByZWdpb25zOiBwcm9wcy5yZWdpb25zXG4gICAgICAgIH1cbiAgICAgIF1cbiAgICB9KTtcbiAgfVxufVxuXG4vLyBTY3JpcHQgdG8gY3JlYXRlIHRoZSByZXF1aXJlZCByb2xlcyBmb3Igc2VsZi1tYW5hZ2VkIHBlcm1pc3Npb25zXG5leHBvcnQgY29uc3QgU0VMRl9NQU5BR0VEX1NFVFVQID0gYFxuIyBJbiB0aGUgYWRtaW5pc3RyYXRvciBhY2NvdW50OlxuYXdzIGNsb3VkZm9ybWF0aW9uIGNyZWF0ZS1zdGFjayBcXFxcXG4gIC0tc3RhY2stbmFtZSBTdGFja1NldEFkbWluaXN0cmF0aW9uUm9sZSBcXFxcXG4gIC0tdGVtcGxhdGUtdXJsIGh0dHBzOi8vczMuYW1hem9uYXdzLmNvbS9jbG91ZGZvcm1hdGlvbi1zdGFja3NldC1zYW1wbGUtdGVtcGxhdGVzLXVzLWVhc3QtMS9BV1NDbG91ZEZvcm1hdGlvblN0YWNrU2V0QWRtaW5pc3RyYXRpb25Sb2xlLnltbCBcXFxcXG4gIC0tY2FwYWJpbGl0aWVzIENBUEFCSUxJVFlfTkFNRURfSUFNXG5cbiMgSW4gZWFjaCB0YXJnZXQgYWNjb3VudDpcbmF3cyBjbG91ZGZvcm1hdGlvbiBjcmVhdGUtc3RhY2sgXFxcXFxuICAtLXN0YWNrLW5hbWUgU3RhY2tTZXRFeGVjdXRpb25Sb2xlIFxcXFxcbiAgLS10ZW1wbGF0ZS11cmwgaHR0cHM6Ly9zMy5hbWF6b25hd3MuY29tL2Nsb3VkZm9ybWF0aW9uLXN0YWNrc2V0LXNhbXBsZS10ZW1wbGF0ZXMtdXMtZWFzdC0xL0FXU0Nsb3VkRm9ybWF0aW9uU3RhY2tTZXRFeGVjdXRpb25Sb2xlLnltbCBcXFxcXG4gIC0tcGFyYW1ldGVycyBQYXJhbWV0ZXJLZXk9QWRtaW5pc3RyYXRvckFjY291bnRJZCxQYXJhbWV0ZXJWYWx1ZT08QURNSU5fQUNDT1VOVF9JRD4gXFxcXFxuICAtLWNhcGFiaWxpdGllcyBDQVBBQklMSVRZX05BTUVEX0lBTVxuYDtcbiJdfQ==
|
|
@@ -1,16 +0,0 @@
|
|
|
1
|
-
import { Construct } from "constructs";
|
|
2
|
-
import { S3Bucket } from "../../resources";
|
|
3
|
-
interface DeployManagedAccountsProps {
|
|
4
|
-
regions: string[];
|
|
5
|
-
templateBucket: S3Bucket;
|
|
6
|
-
organisationId: string;
|
|
7
|
-
organizationalUnitIds: string[];
|
|
8
|
-
}
|
|
9
|
-
/**
|
|
10
|
-
* Deploys the ManagedAccount stack to all accounts in the specified organizational units
|
|
11
|
-
* using AWS CloudFormation StackSets.
|
|
12
|
-
*/
|
|
13
|
-
export declare class DeployManagedAccounts extends Construct {
|
|
14
|
-
constructor(scope: Construct, id: string, props: DeployManagedAccountsProps);
|
|
15
|
-
}
|
|
16
|
-
export {};
|